CVE-2021-28655

CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-20 · Input validation

Published December 16, 2022

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Key dates

Disclosure timeline

December 16, 2022 CVE published

April 17, 2025 Record updated