CVE-2024-31862

Description

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Apache Software Foundation / Apache Zeppelin0.10.1 – 0.11.0

References

PATCHhttps://github.com/apache/zeppelin/pull/4632
MAILING_LISThttps://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/04/09/5