org.apache.zeppelin:zeppelin-server
Maven6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.zeppelin:zeppelin-serverpage 1 of 1
- CVE-2024-31860MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.11.02024-04-09
vulnerable: 0.10.0, 0.10.1, 0.9.0, 0.9.0-preview1, 0.9.0-preview2
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppeli…
- CVE-2024-31862MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.11.02024-04-09
vulnerable: 0.10.1
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issu…
- CVE-2024-31863MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.11.02024-04-09
vulnerable: 0.10.1
Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
- CVE-2024-31865MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.11.12024-04-09
vulnerable: 0.10.0 ... 0.9.0-preview2 (7 versions)
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 bef…
- CVE-2024-31867MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.11.12024-04-09
vulnerable: 0.10.0 ... 0.9.0-preview2 (7 versions)
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Use…
- CVE-2024-41169HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.02025-07-12
vulnerable: 0.10.1, 0.11.0, 0.11.1, 0.11.2
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to…
Check whether org.apache.zeppelin:zeppelin-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.zeppelin:zeppelin-server CVEs against the assets you own.
Start Free Scan →