Lucene search

Veracode Vulnerability DatabaseVERACODE:46320

HistoryApr 10, 2024 - 11:50 a.m.

XML External Entity Injection

2024-04-1011:50:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

xml external entity injection

apache zeppelin

sap

xml validation

software

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

org.apache.zeppelin: sap is vulnerable to XML External Entity Injection. This vulnerability is due to a lack of proper XML validation.

CPENameOperatorVersion
zeppelin: saple0.10.1
zeppelin: saple0.10.1

CPE	Name	Operator	Version
	zeppelin: sap	le	0.10.1
	zeppelin: sap	le	0.10.1

References

www.openwall.com/lists/oss-security/2024/04/09/4

github.com/advisories/GHSA-rr59-h6rh-v84v

github.com/apache/zeppelin/commit/bea51d1467d6103bd8fd68d6a27b14f954d98ec6

github.com/apache/zeppelin/pull/4302

lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy