GHSA-gm67-h5wr-w3cv

Source

https://github.com/advisories/GHSA-gm67-h5wr-w3cv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-gm67-h5wr-w3cv/GHSA-gm67-h5wr-w3cv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gm67-h5wr-w3cv

Aliases

CVE-2021-28655

Published

2023-07-06T19:24:05Z

Modified

2024-02-16T08:14:41.034081Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Apache Zeppelin Improper Input Validation vulnerability

Details

The improper Input Validation vulnerability in Move folder to Trash feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Database specific

{
    "nvd_published_at": "2022-12-16T13:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T21:44:43Z"
}

References

Affected packages

Maven / org.apache.zeppelin:zeppelin

Package

Name: org.apache.zeppelin:zeppelin; View open source insights on deps.dev
Purl: pkg:maven/org.apache.zeppelin/zeppelin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.0

Affected versions

0.*

0.5.0-incubating

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.9.0

0.9.0-preview1

0.9.0-preview2