CVE-2019-10095
- Source
- https://cve.org/CVERecord?id=CVE-2019-10095
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10095.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-10095
- Aliases
- Published
- 2021-09-02T17:15:07.787Z
- Modified
- 2025-11-20T10:54:01.299206Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
- References
-
- https://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b%40%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cannounce.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/09/02/1
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E
- https://security.gentoo.org/glsa/202311-04