GHSA-6623-c6mr-6737
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6623-c6mr-6737
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-6623-c6mr-6737/GHSA-6623-c6mr-6737.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6623-c6mr-6737
- Aliases
-
- CVE-2024-31862
- Published
- 2024-04-09T12:30:47Z
- Modified
- 2024-05-02T19:17:04.388762Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Apache Zeppelin: Denial of service with invalid notebook name
- Details
-
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
- Database specific
{ "nvd_published_at": "2024-04-09T10:15:08Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-09T16:28:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-31862
- https://github.com/apache/zeppelin/pull/4632
- https://github.com/apache/zeppelin/commit/f025a697c1d1d0264064d5adf6cb0b20d85041b6
- https://github.com/apache/zeppelin
- https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0
- http://www.openwall.com/lists/oss-security/2024/04/09/5
Affected packages
Maven / org.apache.zeppelin:zeppelin-server
Package
- Name
- org.apache.zeppelin:zeppelin-server
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.zeppelin/zeppelin-server