GHSA-86jx-wr74-xr74

Опубликовано: 09 апр. 2024

Источник: github

Github: Прошло ревью

CVSS4: 9.3

CVSS3: 9.8

Описание

Improper escaping in Apache Zeppelin

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.

The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.zeppelin:zeppelin-interpreter

maven

Затронутые версииВерсия исправления

>= 0.8.2, < 0.11.1

0.11.1

EPSS

Процентиль: 81%

0.01519

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2024-31866

Дефекты

CWE-116

Связанные уязвимости

CVE-2024-31866

CVSS3: 9.8

nvd

почти 2 года назад

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

EPSS

Процентиль: 81%

0.01519

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2024-31866

Дефекты

CWE-116