CVE-2024-31867

CVE-2024-31867: Apache Zeppelin: LDAP search filter query Injection Vulnerability

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-20 · Input validation

Published April 9, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Key dates

Disclosure timeline

April 9, 2024 CVE published

February 13, 2025 Record updated