CVE-2024-31860

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-31860

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31860.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31860

Aliases

GHSA-g64r-xf39-q4p5

Published

2024-04-09T09:15:26.293Z

Modified

2026-03-14T12:30:35.652150Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in Apache Zeppelin.

By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type

GIT

Repo

https://github.com/apache/zeppelin

Events

Introduced

ecc4455b1809c01cd17b542273be37fb1ebad8d4

Fixed

523075a498ea6b72109fd817bab95f5d7fcb2829

Database specific

{
    "versions": [
        {
            "introduced": "0.9.0"
        },
        {
            "fixed": "0.11.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31860.json"