Lucene search
HistoryApr 09, 2024 - 4:15 p.m.
CVE-2024-31868
improper encoding output
xss attacks
apache zeppelin 0.8.2 - 0.11.1
upgrade required
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected configurations
Node
apachezeppelinRange≤0.11.1
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:zeppelin-interpreter",
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
]Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-11 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2024-04-12 17:18:19
github
github
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
osv
osv
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08