Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xbXIzLTUyeGYtd21oeM4AA6yr
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Permalink: https://github.com/advisories/GHSA-qmr3-52xf-wmhxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xbXIzLTUyeGYtd21oeM4AA6yr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 24 days ago
Updated: about 21 hours ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-qmr3-52xf-wmhx, CVE-2024-31867
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-31867
- https://github.com/apache/zeppelin/pull/4714
- https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf
- https://github.com/apache/zeppelin/commit/65d0bcc1ee8ec3ec372d0a71ab513cd20e6522a0
- http://www.openwall.com/lists/oss-security/2024/04/09/12
- https://github.com/advisories/GHSA-qmr3-52xf-wmhx
Blast Radius: 10.2
Affected Packages
maven:org.apache.zeppelin:zeppelin-server
Dependent packages: 0Dependent repositories: 54
Downloads:
Affected Version Ranges: >= 0.8.2, < 0.11.1
Fixed in: 0.11.1
All affected versions: 0.8.2, 0.9.0, 0.10.0, 0.10.1, 0.11.0
All unaffected versions: 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.11.1