Lucene search
GoogleOSV:GHSA-RRVF-5W4R-3X7VHistoryApr 09, 2024 - 6:30 p.m.
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-0918:30:22
Google
osv.dev
11
apache zeppelin
cross-site scripting
helium module
vulnerability
upgrade
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-11 00:00:00
vulnrichment
vulnrichment
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
veracode
veracode
Cross-site Scripting (XSS)
2024-04-12 17:18:19
cve
cve
CVE-2024-31868
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08
github
github
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22