CVE-2024-31868 Information
Apr 10, 2024
cve
Description
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1 which fixes the issue.
Reference
https://github.com/apache/zeppelin/pull/4728 https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11
Share on: