Vulnerabilities > Apache > Zeppelin > 0.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-16 | CVE-2021-28655 | Unspecified vulnerability in Apache Zeppelin The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. | 6.5 |
2022-12-16 | CVE-2022-46870 | Unspecified vulnerability in Apache Zeppelin An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. | 5.4 |
2021-09-02 | CVE-2019-10095 | Command Injection vulnerability in Apache Zeppelin bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. | 9.8 |
2021-09-02 | CVE-2020-13929 | Unspecified vulnerability in Apache Zeppelin Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. | 7.5 |
2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | 6.1 |