History: Apr 09, 2024 - 4:15 p.m.

CVE-2024-31864

2024-04-09 16:15:08
CWE-94
web.nvd.nist.gov
cve-2024-31864
improper control of generation of code
code injection
apache zeppelin
mysql database
jdbc driver
security vulnerability
upgrade

AI Score: 9.4 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.7%)

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin.

The attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver.
This issue affects Apache Zeppelin versions before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Affected configurations

Vulners
Node: apache zeppelin
Range: 0.11.1

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "product": "Apache Zeppelin",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "0.11.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
