OS Command Injection

2021-09-0302:34:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.02 Low

EPSS

Percentile

89.0%

zeppelin-zengine is vulnerable to OS command injection. An attacker is able to inject bash commands into Spark interpreter settings.

CPENameOperatorVersion
zeppelin: zenginele0.9.0
zeppelin: zenginele0.9.0

CPE	Name	Operator	Version
	zeppelin: zengine	le	0.9.0
	zeppelin: zengine	le	0.9.0

References

www.openwall.com/lists/oss-security/2021/09/02/1

github.com/apache/zeppelin/commit/8a7e0b87144fba81a22055684441906ad1c327af

lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b@%3Cusers.zeppelin.apache.org%3E

lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E

lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cusers.zeppelin.apache.org%3E

0.02 Low

EPSS

Percentile

89.0%

Related for VERACODE:31952