Advisories for Maven/Org.apache.zeppelin/Zeppelin-Interpreter package

2024

Improper escaping in Apache Zeppelin

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Apache Zeppelin vulnerable to cross-site scripting in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.