CVE-2024-31868

CVE-2024-31868: Apache Zeppelin: XSS vulnerability in the helium module

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-79 · XSS

Published April 9, 2024

Last update November 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Key dates

Disclosure timeline

April 9, 2024 CVE published

November 4, 2024 Record updated