Lucene search
GitHub Advisory DatabaseGHSA-QMR3-52XF-WMHXHistoryApr 09, 2024 - 6:30 p.m.
Apache Zeppelin: LDAP search filter query Injection Vulnerability
2024-04-0918:30:28
CWE-20
CWE-90
GitHub Advisory Database
github.com
7
apache zeppelin
ldap search filter
input validation
vulnerability
attackers
configuration
upgrade
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected configurations
Node
org.apache.zeppelinzeppelin-serverRange0.8.2–0.11.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.zeppelin | zeppelin-server | * | cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2024-31867
2024-04-09 17:16:03
veracode
veracode
Improper Input Validation
2024-04-12 15:08:26
vulnrichment
vulnrichment
cnvd
cnvd
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)
2024-04-11 00:00:00
cvelist
cvelist
osv
osv
Apache Zeppelin: LDAP search filter query Injection Vulnerability
2024-04-09 18:30:28
cve
cve
CVE-2024-31867
2024-04-09 17:16:03