Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PRP: Request Code Injection in Apache Zeppelin shell (CVE-2024-31861) #499

Open
W0ngL1 opened this issue Jun 6, 2024 · 0 comments
Open

PRP: Request Code Injection in Apache Zeppelin shell (CVE-2024-31861) #499

W0ngL1 opened this issue Jun 6, 2024 · 0 comments
Assignees
@W0ngL1
Labels
Contributor queue When a contributor has already one issue/PR in review, we put the following ones on hold with this.

Comments

@W0ngL1
Copy link
Contributor

W0ngL1 commented Jun 6, 2024

Hi there.

I would like to start implementing a plugin to detect Code Injection in Apache Zeppelin shell (CVE-2024-31861). This vulnerability was published on April 2024.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-31861

Description:
Apache Zeppelin is an open-source web-based notebook that enables data-driven, interactive data analytics and collaborative documents. It is designed to support a wide variety of data sources and provide powerful visualization tools, making it a versatile platform for data scientists, data engineers, and analysts.

Affected Versions:
0.10.1 <= Apache Zeppelin < 0.11.1

Thanks.
@tooryx tooryx added the Contributor queue When a contributor has already one issue/PR in review, we put the following ones on hold with this. label Jul 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@W0ngL1 W0ngL1

Labels
Contributor queue When a contributor has already one issue/PR in review, we put the following ones on hold with this.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tooryx @W0ngL1