
exploitDog


GHSA-xg8j-j6vp-6h5w

Published: 03 Aug 2025
Source: github
Github: Reviewed
CVSS4: 6.9

Description

Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.

The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue.

Packages

Name: org.apache.zeppelin:zeppelin-shell (maven)
Affected versions: >= 0.11.1, < 0.12.0
Fixed version: 0.12.0

EPSS

Percentile: 15%
0.00047
Low

CVSS4: 6.9 Medium

Weaknesses

CWE-1385

Related vulnerabilities

CVSS3: 5.3
nvd
6 months ago

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
