org.apache.zeppelin:zeppelin-server@0.9.0-preview2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.zeppelin:zeppelin-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
SQL Injection

org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Affected versions of this package are vulnerable to SQL Injection via the userquery variable in theShiroAuthenticationService.java component due to improper user input sanitization.

How to fix SQL Injection?

A fix was pushed into the master branch but not yet published.

[0.8.0,)
  • H
SQL Injection

org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Affected versions of this package are vulnerable to SQL Injection. The vulnerable code:


How to fix SQL Injection?

There is no fixed version for org.apache.zeppelin:zeppelin-server.

[0,)