📦 Zeppelin

by Apache

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-31864

CRITICAL CVSS 9.8 Apr 9, 2024

CVE-2024-31864 is a code injection vulnerability in Apache Zeppelin that allows attackers to execute arbitrary code when connecting to MySQL databases via JDBC drivers. It affects all Apache Zepp...

CVE-2024-31866

CRITICAL CVSS 9.8 Apr 9, 2024

This vulnerability in Apache Zeppelin allows attackers to execute arbitrary shell scripts or malicious code by manipulating configuration variables like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. It affects A...

CVE-2019-10095

CRITICAL CVSS 9.8 Sep 2, 2021

This CVE describes a command injection vulnerability in Apache Zeppelin's Spark interpreter settings that allows authenticated users to execute arbitrary system commands on the underlying server. The ...

CVE-2024-51775

MEDIUM CVSS 5.3 Aug 3, 2025

This CVE describes a missing origin validation vulnerability in Apache Zeppelin's WebSocket implementation. Attackers can bypass same-origin policy restrictions to access the Zeppelin server from unau...

CVE-2024-41177

MEDIUM CVSS 6.1 Aug 3, 2025

Apache Zeppelin versions before 0.12.0 have an incomplete blacklist that fails to properly sanitize user input, allowing attackers to inject malicious scripts. This Cross-Site Scripting (XSS) vulnerab...

CVE-2024-52279

MEDIUM CVSS 5.3 Aug 3, 2025

This vulnerability allows attackers to bypass JDBC URL validation in Apache Zeppelin by using URL-encoded input, potentially enabling unauthorized database connections or other injection attacks. It a...