Note:
This project will be discontinued after December 13, 2021.
Product: Zeppelin (Apache)

Repositories | Unknown: This might be proprietary software.
#Vulnerabilities | 24

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-09-02 | CVE-2019-10095 | Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions. | Zeppelin | 9.8 | | |
2019-04-23 | CVE-2017-12619 | Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone". | Zeppelin | 8.1 | | |
2019-04-23 | CVE-2018-1317 | In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | Zeppelin | 8.8 | | |
2019-04-23 | CVE-2018-1328 | Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph". | Zeppelin | 6.1 | | |