Lucene search
GitHub Advisory DatabaseGHSA-RRVF-5W4R-3X7VHistoryApr 09, 2024 - 6:30 p.m.
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-0918:30:22
CWE-79
CWE-116
GitHub Advisory Database
github.com
4
apache zeppelin
cross-site scripting
helium module
vulnerability
improper encoding
upgrade
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected configurations
Node
org.apache.zeppelinzeppelin-interpreterRange0.8.2–0.11.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.zeppelin | zeppelin-interpreter | * | cpe:2.3:a:org.apache.zeppelin:zeppelin-interpreter:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-11 00:00:00
vulnrichment
vulnrichment
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
veracode
veracode
Cross-site Scripting (XSS)
2024-04-12 17:18:19
cve
cve
CVE-2024-31868
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08
osv
osv
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22