Lucene search
ApacheCVELIST:CVE-2022-47894HistoryApr 09, 2024 - 9:29 a.m.
CVE-2022-47894 Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
2024-04-0909:29:17
CWE-20
apache
www.cve.org
apache zeppelin
sap
xxe
vulnerability
retired
improper input validation
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:sap",
"product": "Apache Zeppelin SAP",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
]Related
osv
osv
nvd
nvd
CVE-2022-47894
2024-04-09 10:15:08
github
github
veracode
veracode
XML External Entity Injection
2024-04-10 11:50:53
cve
cve
CVE-2022-47894
2024-04-09 10:15:08