org.apache.zeppelin:zeppelin-server@0.7.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.zeppelin:zeppelin-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
SQL Injection

org.apache.zeppelin:zeppelin-zengine is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Affected versions of the package are vulnerable to SQL Injection via the GetUserList.getUserList method.

How to fix SQL Injection?

Upgrade zeppelin-server to version 0.7.3, 0.8.0 or higher.

[,0.7.3)
  • H
SQL Injection

org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Affected versions of this package are vulnerable to SQL Injection. The vulnerable code:


How to fix SQL Injection?

There is no fixed version for org.apache.zeppelin:zeppelin-server.

[0,)