CNNVD-202508-182 Information
CNNVD ID
CNNVD-202508-182
Related CVE
- CNNVD Published: 2025-08-03
Description (Chinese)
Apache Zeppelin是美国阿帕奇(Apache)基金会的一款基于Web的开源笔记本应用程序。该程序支持交互式数据分析和协作文档。 Apache Zeppelin 0.11.1至0.12.0之前版本存在输入验证错误漏洞,该漏洞源于输入验证不足,可能导致安全问题。
Description (English)
Apache Zeppelin is a Web-based open-source laptop application of the Apache Foundation in the United States. This program supports interactive data analysis and collaborative documentation. Pre-Apache Zeppelin 0.11.1 to 0.12.0 contains input-validation error holes, which stem from inadequate input-certification and may lead to security problems.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
阿帕奇
Published
2025-08-03
Last Modified
2026-02-24
References
https://issues.apache.org/jira/browse/ZEPPELIN-6095 https://www.cve.org/CVERecord?id=CVE-2024-31864 https://lists.apache.org/thread/dxb98vgrb21rrl3k0fzonpk66onr6o4q https://github.com/apache/zeppelin/pull/4838 https://access.redhat.com/security/cve/cve-2024-52279
Patch
https://zeppelin.apache.org/download.html
Share on: