GHSA-8pfj-w89w-m24x

Published: 11 Apr 2024
Source: github
Github: Reviewed

Description

Code injection in Apache Zeppelin Shell

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

Attackers can use the Shell interpreter as a code generation gateway and execute the generated code in the normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which doesn't have the Shell interpreter by default.

Packages

Name: org.apache.zeppelin:zeppelin-shell (maven)
Affected versions: >= 0.10.1, < 0.11.1
Fixed version: 0.11.1

Weaknesses

CWE-94

Related vulnerabilities

nvd
almost 2 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Weaknesses

CWE-94