CVE-2024-31867

Source
https://cve.org/CVERecord?id=CVE-2024-31867
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31867.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31867
Aliases
Published
2024-04-09T16:15:47.978Z
Modified
2026-07-08T06:27:28.250344122Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Details

Improper Input Validation vulnerability in Apache Zeppelin.

The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31867.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type
GIT
Repo
https://github.com/apache/zeppelin
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.8.2"
        },
        {
            "fixed": "0.11.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31867.json"