org.apache.zeppelin:zeppelin-interpreter

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.zeppelin:zeppelin-interpreterpage 1 of 1

CVE-2024-31866CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.11.1
2024-04-09
vulnerable: 0.10.0 ... 0.9.0-preview2 (7 versions)
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: f…
CVE-2024-31868MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.11.1
2024-04-09
vulnerable: 0.10.0 ... 0.9.0-preview2 (7 versions)
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended …
CVE-2024-41169HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.0
2025-07-12
vulnerable: 0.10.1, 0.11.0, 0.11.1, 0.11.2
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to…

Check whether org.apache.zeppelin:zeppelin-interpreter is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.zeppelin:zeppelin-interpreter CVEs against the assets you own.

Start Free Scan →