Lucene search
ApacheVULNRICHMENT:CVE-2024-31864HistoryApr 09, 2024 - 4:05 p.m.
CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
2024-04-0916:05:32
CWE-94
apache
github.com
4
cve-2024-31864
apache zeppelin
remote code execution
jdbc connection string
vulnerability
mysql database
upgrade
version 0.11.1
security issue
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Zeppelin",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "0.11.1",
"versionType": "semver"
}
],
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "zeppelin",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "0.11.1",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
cnvd
cnvd
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
2024-04-11 00:00:00
cve
cve
CVE-2024-31864
2024-04-09 16:15:08
veracode
veracode
Code Injection
2024-04-12 11:39:43
cvelist
cvelist
nvd
nvd
CVE-2024-31864
2024-04-09 16:15:08
github
github
osv
osv
AI Score
7
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-31864