Podatność CVE-2024-31864
Publikacja: 2024-04-09

Opis:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Typ:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

 Referencje:
https://github.com/apache/zeppelin/pull/4709
https://www.cve.org/CVERecord?id=CVE-2020-11974
https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb
Copyright 2024, cxsecurity.com

 

Back to Top