CVE-2024-31867: Apache Zeppelin: LDAP search filter query Injection Vulnerability

April 9, 2024 (updated April 10, 2024)

Improper Input Validation vulnerability in Apache Zeppelin.

The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

References

github.com/advisories/GHSA-qmr3-52xf-wmhx
github.com/apache/zeppelin
github.com/apache/zeppelin/commit/65d0bcc1ee8ec3ec372d0a71ab513cd20e6522a0
github.com/apache/zeppelin/pull/4714
lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf
nvd.nist.gov/vuln/detail/CVE-2024-31867

Detect and mitigate CVE-2024-31867 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →