CVE-2024-31866 (GCVE-0-2024-31866)
Vulnerability from cvelistv5 – Published: 2024-04-09 16:09 – Updated: 2025-02-13 17:51
VLAI?
Title
Apache Zeppelin: Interpreter download command does not escape malicious code injection
Summary
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Zeppelin |
Affected:
0.8.2 , < 0.11.1
(semver)
|
Credits
Esa Hiltunen
https://teragrep.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/zeppelin/pull/4715"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/10"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_zeppelin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_zeppelin",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:59:15.091777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:33:03.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:zeppelin-interpreter",
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Esa Hiltunen"
},
{
"lang": "en",
"type": "finder",
"value": "https://teragrep.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\u003cbr\u003e\u003cbr\u003eThe attackers can execute shell scripts or malicious code by overriding configuration like\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZEPPELIN_INTP_CLASSPATH_OVERRIDES.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\n\nThe attackers can execute shell scripts or malicious code by overriding configuration like\u00a0ZEPPELIN_INTP_CLASSPATH_OVERRIDES.\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\n\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:07:49.092Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/zeppelin/pull/4715"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Zeppelin: Interpreter download command does not escape malicious code injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-31866",
"datePublished": "2024-04-09T16:09:12.117Z",
"dateReserved": "2024-04-06T11:51:00.551Z",
"dateUpdated": "2025-02-13T17:51:59.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\\n\\nThe attackers can execute shell scripts or malicious code by overriding configuration like\\u00a0ZEPPELIN_INTP_CLASSPATH_OVERRIDES.\\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\\n\\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de codificaci\\u00f3n o escape de salida inadecuados en Apache Zeppelin. Los atacantes pueden ejecutar scripts de shell o c\\u00f3digo malicioso anulando configuraciones como ZEPPELIN_INTP_CLASSPATH_OVERRIDES. Este problema afecta a Apache Zeppelin: desde 0.8.2 antes de 0.11.1. Se recomienda a los usuarios actualizar a la versi\\u00f3n 0.11.1, que soluciona el problema.\"}]",
"id": "CVE-2024-31866",
"lastModified": "2024-11-21T09:14:03.150",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-04-09T16:15:08.307",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/09/10\", \"source\": \"security@apache.org\"}, {\"url\": \"https://github.com/apache/zeppelin/pull/4715\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/09/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/apache/zeppelin/pull/4715\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-31866\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-04-09T16:15:08.307\",\"lastModified\":\"2025-05-05T20:09:58.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\\n\\nThe attackers can execute shell scripts or malicious code by overriding configuration like\u00a0ZEPPELIN_INTP_CLASSPATH_OVERRIDES.\\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\\n\\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de codificaci\u00f3n o escape de salida inadecuados en Apache Zeppelin. Los atacantes pueden ejecutar scripts de shell o c\u00f3digo malicioso anulando configuraciones como ZEPPELIN_INTP_CLASSPATH_OVERRIDES. Este problema afecta a Apache Zeppelin: desde 0.8.2 antes de 0.11.1. Se recomienda a los usuarios actualizar a la versi\u00f3n 0.11.1, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.8.2\",\"versionEndExcluding\":\"0.11.1\",\"matchCriteriaId\":\"891BB3D1-5B35-4211-B5D8-9F472D668858\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/09/10\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/apache/zeppelin/pull/4715\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/09/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/apache/zeppelin/pull/4715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/apache/zeppelin/pull/4715\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/09/10\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:59:50.665Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31866\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-21T13:59:15.091777Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache_software_foundation:apache_zeppelin:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache_software_foundation\", \"product\": \"apache_zeppelin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.8.2\", \"lessThan\": \"0.11.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-21T14:32:48.445Z\"}}], \"cna\": {\"title\": \"Apache Zeppelin: Interpreter download command does not escape malicious code injection\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Esa Hiltunen\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"https://teragrep.com\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Zeppelin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.8.2\", \"lessThan\": \"0.11.1\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.zeppelin:zeppelin-interpreter\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/zeppelin/pull/4715\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/09/10\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\\n\\nThe attackers can execute shell scripts or malicious code by overriding configuration like\\u00a0ZEPPELIN_INTP_CLASSPATH_OVERRIDES.\\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\\n\\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\u003cbr\u003e\u003cbr\u003eThe attackers can execute shell scripts or malicious code by overriding configuration like\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eZEPPELIN_INTP_CLASSPATH_OVERRIDES.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116 Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-05-01T18:07:49.092Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-31866\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:51:59.550Z\", \"dateReserved\": \"2024-04-06T11:51:00.551Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-04-09T16:09:12.117Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…