CVE-2024-31868
published 2024-04-09CVE-2024-31868: Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | zeppelin | >= 0.8.2 < 0.11.1 | 0.11.1 |
| apache_software_foundation | apache_zeppelin | >= 0.8.2 < 0.11.1 | 0.11.1 |