[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2024-31867: Apache Zeppelin: LDAP search filter query Injection Vulnerability
From: Jongyoul Lee <jongyoul () apache ! org>
Date: 2024-04-09 15:06:59
Message-ID: 87ad01a6-f153-2d83-84a1-28a0a054b224 () apache ! org
[Download RAW message or body]
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Credit:
Qing Xu (finder)
References:
https://github.com/apache/zeppelin/pull/4714
https://zeppelin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-31867
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic