CVE-2024-31862

CVE-2024-31862: Apache Zeppelin: Denial of service with invalid notebook name

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-20 · Input validation

Published April 9, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Key dates

Disclosure timeline

April 9, 2024 CVE published

February 13, 2025 Record updated