Lucene search
GitHub Advisory DatabaseGHSA-66J8-C83M-GJ5FHistoryApr 09, 2024 - 6:30 p.m.
Apache Zeppelin remote code execution by adding malicious JDBC connection string
2024-04-0918:30:22
CWE-94
GitHub Advisory Database
github.com
5
apache zeppelin
remote code execution
jdbc connection
mysql
vulnerability
upgrade
version 0.11.1
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected configurations
Node
org.apache.zeppelin\zeppelinMatchjdbc
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.zeppelin:zeppelin-jdbc | lt | 0.11.1 |
References
www.openwall.com/lists/oss-security/2024/04/09/8
github.com/advisories/GHSA-66j8-c83m-gj5f
github.com/apache/zeppelin/commit/e65b5430e43c076c138a1f56e3f2aba1324118f2
github.com/apache/zeppelin/pull/4709
issues.apache.org/jira/browse/ZEPPELIN-5990
lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb
nvd.nist.gov/vuln/detail/CVE-2024-31864
www.cve.org/CVERecord?id=CVE-2020-11974
Related
nvd
nvd
CVE-2024-31864
2024-04-09 16:15:08
cnvd
cnvd
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
2024-04-11 00:00:00
cve
cve
CVE-2024-31864
2024-04-09 16:15:08
veracode
veracode
Code Injection
2024-04-12 11:39:43
cvelist
cvelist
osv
osv