Upgrade org.apache.zeppelin:zeppelin-server to version 0.11.0 or higher.
org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.
Affected versions of this package are vulnerable to SQL Injection via the userquery variable in the ShiroAuthenticationService.java component due to improper user input sanitization.
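The class of flaw described above, shown as an added example that is not Zeppelin's code: a user-lookup query assembled by string concatenation next to a hardened form that binds the value and validates identifiers. Python with an in-memory SQLite table is used so it runs stand-alone; the table, columns, function names and sample inputs are assumptions constructed for illustration, and only the variable name userquery is taken from the advisory.

```python
import re
import sqlite3

# Strict pattern for SQL identifiers (table and column names).
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def make_db():
    """Constructed sample data: an in-memory stand-in for a user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2"), ("carol", "h3")],
    )
    return conn


def find_users_unsafe(conn, search):
    """Vulnerable pattern: the input becomes part of the SQL text itself."""
    userquery = "SELECT username FROM users WHERE username = '" + search + "'"
    return [row[0] for row in conn.execute(userquery)]


def find_users_safe(conn, search, table="users", column="username"):
    """Hardened pattern: bind the value, allowlist the identifiers."""
    # Identifiers cannot be passed as bound parameters, so any table or
    # column name that comes from configuration is checked before use.
    for ident in (table, column):
        if not _IDENT.fullmatch(ident):
            raise ValueError(f"invalid identifier: {ident!r}")
    userquery = f'SELECT "{column}" FROM "{table}" WHERE "{column}" = ?'
    # The search term travels separately from the SQL text, as data only.
    return [row[0] for row in conn.execute(userquery, (search,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", find_users_unsafe(db, crafted))
    print("safe:  ", find_users_safe(db, crafted))
```

With the constructed input, the concatenated query returns every row in the table, while the bound query treats the same string as a literal username and matches nothing.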