Improper Input Validation Affecting org.apache.zeppelin:zeppelin package, versions [,0.10.0)
Threat Intelligence
EPSS
0.16% (54th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEZEPPELIN-5759285
- published 7 Jul 2023
- disclosed 6 Jul 2023
- credit Kai Zhao
Introduced: 6 Jul 2023
CVE-2021-28655 Open this link in a new tabHow to fix?
Upgrade org.apache.zeppelin:zeppelin to version 0.10.0 or higher.
Overview
org.apache.zeppelin:zeppelin is a web-based notebook that enables interactive data analytics.
Affected versions of this package are vulnerable to Improper Input Validation in Move folder to Trash feature allowing an attacker to delete arbitrary files.
References
CVSS Scores
version 3.1