CVE-2019-10095

CWE-77Command InjectionCWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
3.0%
top 13.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache ZeppelinApache Zeppelin
Timeline
PublishedSep 2
Latest updateSep 7

Description

bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDapache/zeppelin0.9.0
CVEListV5apache_software_foundation/apache_zeppelinApache Zeppelin0.9.0

🔴Vulnerability Details

3
OSV
Bash command injection in Apache Zeppelin2021-09-07
GHSA
Bash command injection in Apache Zeppelin2021-09-07
CVEList
bash command injection in spark interpreter2021-09-02
CVE-2019-10095 (CRITICAL CVSS 9.8) | bash command injection vulnerabilit | cvebase.io