CVE-2024-31861

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

21 Jun 2024, 10:15

Type Values Removed Values Added
References
  • Removed: http://www.openwall.com/lists/oss-security/2024/04/10/8 (source: security@apache.org)
  • Removed: https://github.com/apache/zeppelin/pull/4708 (source: security@apache.org)
  • Removed: https://lists.apache.org/thread/99clvqrht5l5r6kzjzwg2kj94boc9sfh (source: security@apache.org)
Summary
  • Removed: (es) Improper Control of Generation of Code ("Code Injection") vulnerability in Apache Zeppelin. Attackers can use the Shell interpreter as a code generation gateway and execute the generated code in the normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which does not have the Shell interpreter by default.
  • Removed: (en) Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which doesn't have Shell interpreter by default.
  • Added: (en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CWE
  • Removed: CWE-94

01 May 2024, 18:15

Type Values Removed Values Added
References
  • Added: http://www.openwall.com/lists/oss-security/2024/04/10/8

11 Apr 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-11 09:15

Updated : 2024-06-21 10:15
NVD link : CVE-2024-31861

Mitre link : CVE-2024-31861

CVE.ORG link : CVE-2024-31861

Products Affected

No product.

CWE

No CWE.