Lucene search
ApacheCVE-2024-31867HistoryApr 09, 2024 - 5:16 p.m.
CVE-2024-31867
2024-04-0917:16:03
CWE-20
apache
web.nvd.nist.gov
24
improper input validation
apache zeppelin
ldap search filter
security vulnerability
cve-2024-31867
upgrade
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected configurations
Node
apachezeppelinRange≤0.11.1
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:zeppelin-server",
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-31867
2024-04-09 17:16:03
veracode
veracode
Improper Input Validation
2024-04-12 15:08:26
github
github
Apache Zeppelin: LDAP search filter query Injection Vulnerability
2024-04-09 18:30:28
vulnrichment
vulnrichment
cnvd
cnvd
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)
2024-04-11 00:00:00
cvelist
cvelist
osv
osv
Apache Zeppelin: LDAP search filter query Injection Vulnerability
2024-04-09 18:30:28