Lucene search
ApacheCVELIST:CVE-2024-31866HistoryApr 09, 2024 - 4:09 p.m.
CVE-2024-31866 Apache Zeppelin: Interpreter download command does not escape malicious code injection
2024-04-0916:09:12
CWE-116
apache
www.cve.org
3
apache zeppelin
shell scripts
configuration override
security issue
upgrade
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding configuration likeΒ ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:zeppelin-interpreter",
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-31866
2024-04-09 16:15:08
osv
osv
Improper escaping in Apache Zeppelin
2024-04-09 18:30:22
github
github
Improper escaping in Apache Zeppelin
2024-04-09 18:30:22
cnvd
cnvd
Apache Zeppelin Code Execution Vulnerability
2024-04-11 00:00:00
veracode
veracode
Code Injection
2024-04-12 12:40:49
vulnrichment
vulnrichment
cve
cve
CVE-2024-31866
2024-04-09 16:15:08