bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Zeppelin",
"versions": [
{
"version": "Apache Zeppelin",
"status": "affected",
"lessThanOrEqual": "0.9.0",
"versionType": "custom"
}
]
}
]
www.openwall.com/lists/oss-security/2021/09/02/1
lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b%40%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cannounce.apache.org%3E
lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E
security.gentoo.org/glsa/202311-04