CVE-2024-31864

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31864

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31864.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31864

Aliases

GHSA-66j8-c83m-gj5f

Published

2024-04-09T16:15:08Z

Modified

2025-05-05T22:56:07.223953Z

Summary

[none]

Details

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type: GIT
Repo: https://github.com/apache/zeppelin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4419b4deeac67c0c7a1aeff388fa18ad6a086ddf

Affected versions

v0.*

v0.11.0

v0.11.0-rc1

v0.11.1-rc1