5.3

CVE-2024-31862

Apache Zeppelin: Denial of service with invalid notebook name

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheZeppelin Version >= 0.10.1 < 0.11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.682
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/apache/zeppelin/pull/4632
Patch
Issue Tracking
http://www.openwall.com/lists/oss-security/2024/04/09/5
Mailing List
https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0
Vendor Advisory
Mailing List