Lucene search
ApacheVULNRICHMENT:CVE-2024-31868HistoryApr 09, 2024 - 4:10 p.m.
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-0916:10:30
CWE-116
apache
github.com
apache zeppelin
xss vulnerability
helium module
improper encoding
exposure
normal users
upgrade to version 0.11.1
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-11 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2024-04-12 17:18:19
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08
osv
osv
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
github
github
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
cve
cve
CVE-2024-31868
2024-04-09 16:15:08
AI Score
6.1
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-31868