Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.
This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
References
Link | Resource |
---|---|
https://github.com/apache/zeppelin/pull/4632 | Issue Tracking Patch |
https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/04/09/2 | Mailing List |
https://github.com/apache/zeppelin/pull/4632 | Issue Tracking Patch |
https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x | Mailing List Vendor Advisory |
Configurations
History
06 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
05 May 2025, 20:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
First Time |
Apache
Apache zeppelin |
|
CPE | cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:* | |
References | () http://www.openwall.com/lists/oss-security/2024/04/09/2 - Mailing List | |
References | () https://github.com/apache/zeppelin/pull/4632 - Issue Tracking, Patch | |
References | () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x - Mailing List, Vendor Advisory |
13 Feb 2025, 18:18
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. |
21 Nov 2024, 09:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/04/09/2 - | |
References | () https://github.com/apache/zeppelin/pull/4632 - | |
References | () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x - |
03 Jul 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
01 May 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-09 09:15
Updated : 2025-05-06 14:15
NVD link : CVE-2024-31860
Mitre link : CVE-2024-31860
CVE.ORG link : CVE-2024-31860
JSON object : View
Products Affected
apache
- zeppelin
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')