CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-31860

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.3%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/apache/zeppelin/pull/4632
https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x
http://www.openwall.com/lists/oss-security/2024/04/09/2
https://github.com/apache/zeppelin/pull/4632
https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x

Products affected by CVE-2024-31860

Apache » Zeppelin » Version: 0.10.0

cpe:2.3:a:apache:zeppelin:0.10.0
Apache » Zeppelin » Version: 0.10.1

cpe:2.3:a:apache:zeppelin:0.10.1
Apache » Zeppelin » Version: 0.9.0

cpe:2.3:a:apache:zeppelin:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-31860

Products

Pricing

Contact Us