CNNVD-202508-184 Information

CNNVD ID

CNNVD-202508-184

Related CVE

CVE-2024-51775

• CNNVD Published: 2025-08-03

Description (Chinese)

Apache Zeppelin是美国阿帕奇（Apache）基金会的一款基于Web的开源笔记本应用程序。该程序支持交互式数据分析和协作文档。 Apache Zeppelin 0.11.1至0.12.0之前版本存在安全漏洞，该漏洞源于WebSockets缺少来源验证，可能导致信息泄露。

Description (English)

Apache Zeppelin is a Web-based open-source laptop application of the Apache Foundation in the United States. This program supports interactive data analysis and collaborative documentation. Pre-Apache Zeppelin 0.11.1 to 0.12.0 contains a security loophole, which stems from the lack of source verification in WebSockets, which could lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-08-03

Last Modified

2026-02-24

References

https://github.com/apache/zeppelin/pull/4823 https://access.redhat.com/security/cve/cve-2024-51775

Patch

https://zeppelin.apache.org/download.html