6 matches found
CVE-2024-52279
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279
creationtimestamp| type| source ---|---|--- 2025-08-03 14:03:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvittswm732d 2025-08-03 15:52:05+00:00| seen| https://seclists.org/oss-sec/2025/q3/72 2025-08-03 18:22:49+00:00| seen|...
CVE-2024-52279
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279
CVE-2024-52279 affects Apache Zeppelin (0.11.1 before 0.12.0). The issue is an improper input validation in the JDBC URL handling that did not account for URL-encoded input, enabling an attack via a malicious JDBC connection string and potentially leading to arbitrary file read. The evidence link...