Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
{
"cna_assigner": "apache",
"cwe_ids": [
"CWE-79"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31868.json"
}