CVE-2024-31864

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/04/09/8
https://github.com/apache/zeppelin/pull/4709
https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb
https://www.cve.org/CVERecord?id=CVE-2020-11974

Configurations

No configuration.

History

01 May 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/04/09/8 -
Summary		(es) Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en Apache Zeppelin. El atacante puede inyectar configuración confidencial o código malicioso al conectar la base de datos MySQL a través del controlador JDBC. Este problema afecta a Apache Zeppelin: anteriores a 0.11.1. Se recomienda a los usuarios actualizar a la versión 0.11.1, que soluciona el problema.

09 Apr 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 16:15

Updated : 2024-05-01 18:15

NVD link : CVE-2024-31864

Mitre link : CVE-2024-31864

CVE.ORG link : CVE-2024-31864

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

JSON object

Attach tags to CVE-2024-31864

Attach tags to `CVE-2024-31864`