Apache Zeppelin — Vulnerabilities & Security Advisories (21)

All 21 CVE vulnerabilities found in Apache Zeppelin, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2024-51775 | Apache Zeppelin: Command Injection via CSWSH (CWE-1385) | 5.3 | - | 2025-08-03 |
| CVE-2024-41177 | Apache Zeppelin: XSS in the Helium module (CWE-79) | 6.1 | - | 2025-08-03 |
| CVE-2024-52279 | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string (CWE-20) | 9.1 | - | 2025-08-03 |
| CVE-2024-41169 | Apache Zeppelin: raft directory listing and file read (CWE-664) | 7.5 (AI) | High (AI) | 2025-07-12 |
| CVE-2024-31867 | Apache Zeppelin: LDAP search filter query Injection Vulnerability (CWE-20) | 9.8 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2024-31868 | Apache Zeppelin: XSS vulnerability in the helium module (CWE-79) | 5.4 (AI) | Medium (AI) | 2024-04-09 |
| CVE-2024-31866 | Apache Zeppelin: Interpreter download command does not escape malicious code injection (CWE-116) | 9.8 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2024-31865 | Apache Zeppelin: Cron arbitrary user impersonation with improper privileges (CWE-20) | 9.8 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2024-31864 | Apache Zeppelin: Remote code execution by adding malicious JDBC connection string (CWE-94) | 9.8 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2024-31863 | Apache Zeppelin: Replacing other users notebook, bypassing any permissions (CWE-290) | 9.1 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2024-31862 | Apache Zeppelin: Denial of service with invalid notebook name (CWE-20) | 9.1 (AI) | Critical (AI) | 2024-04-09 |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page (CWE-352) | 8.8 (AI) | High (AI) | 2024-04-09 |
| CVE-2024-31860 | Apache Zeppelin: Path traversal vulnerability (CWE-22) | 6.5 (AI) | Medium (AI) | 2024-04-09 |
| CVE-2022-46870 | Apache Zeppelin: Stored XSS in note permissions (CWE-79) | 5.4 | - | 2022-12-16 |
| CVE-2021-28655 | Apache Zeppelin: Arbitrary file deletion vulnerability (CWE-20) | 8.2 | - | 2022-12-16 |
| CVE-2021-27578 | Cross Site Scripting in markdown interpreter | 6.1 | - | 2021-09-02 |
| CVE-2020-13929 | Notebook permissions bypass | 9.8 | - | 2021-09-02 |
| CVE-2019-10095 | bash command injection in spark interpreter | 9.8 | - | 2021-09-02 |
| CVE-2018-1328 | Apache Zeppelin cross-site scripting vulnerability | 5.4 | - | 2019-04-23 |
| CVE-2018-1317 | Apache Zeppelin authorization issue vulnerability | 8.8 | - | 2019-04-23 |
| CVE-2017-12619 | Apache Zeppelin authorization issue vulnerability | 8.1 | - | 2019-04-23 |