1. Home
  2. Vulnerabilities
  3. CVE-2024-31864

CVE-2024-31864

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 0.04 % (16th)
0.04% Progress
Advisories 1
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Graph Web & Social Timeline

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Apache Software Foundation
Published Date
2024-04-09 16:15:08
(5 months ago)
Updated Date
2024-08-01 13:51:15
(6 weeks ago)