CNNVD-202508-181 Information
CNNVD ID
CNNVD-202508-181
Related CVE
- CNNVD Published: 2025-08-03
Description (Chinese)
Apache Zeppelin是美国阿帕奇(Apache)基金会的一款基于Web的开源笔记本应用程序。该程序支持交互式数据分析和协作文档。 Apache Zeppelin 0.12.0之前版本存在跨站脚本漏洞,该漏洞源于黑名单不完整,可能导致跨站脚本攻击。
Description (English)
Apache Zeppelin is a Web-based open-source laptop application of the Apache Foundation in the United States. This program supports interactive data analysis and collaborative documentation. Pre-Apache Zeppelin 0.12.0 has a cross-site script loophole, which stems from the incomplete blacklist and may lead to cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
阿帕奇
Published
2025-08-03
Last Modified
2026-02-24
References
https://github.com/apache/zeppelin/pull/4755 https://github.com/apache/zeppelin/pull/4795 https://lists.apache.org/thread/nwh8vh9f3pnvt04n8z4g2kbddh62blr6 https://access.redhat.com/security/cve/cve-2024-41177
Patch
https://zeppelin.apache.org/download.html
Share on: