CVE-2019-10095 – org.apache.zeppelin:zeppelin
Package
Manager: maven
Name: org.apache.zeppelin:zeppelin
Vulnerable Version: >=0 <0.10.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.04037 (percentile: 0.88047)
Details
Bash command injection in Apache Zeppelin. A bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
Metadata
Created: 2021-09-07T22:56:43Z
Modified: 2023-11-27T21:44:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-4qw8-pgpr-p9mq/GHSA-4qw8-pgpr-p9mq.json
CWE IDs: ["CWE-77", "CWE-78"]
Alternative ID: GHSA-4qw8-pgpr-p9mq
Finding: F404
Auto approve: 1