CVE-2021-28656: Apache Zeppelin CSRF vulnerability in the Credentials page

April 9, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

References

github.com/advisories/GHSA-prvg-rh5h-74jr
github.com/apache/zeppelin
lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc
nvd.nist.gov/vuln/detail/CVE-2021-28656

Code Behaviors & Features

Detect and mitigate CVE-2021-28656 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →