Home > Vulnerability Database > CVE-2024-31864

Mend.io Vulnerability Database

CVE-2024-31864

Good to know:

Date: April 9, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Language: Java

Severity Score

9.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31864

Url: https://github.com/apache/zeppelin/commit/e65b5430e43c076c138a1f56e3f2aba1324118f2

Url: http://www.openwall.com/lists/oss-security/2024/04/09/8

Url: https://github.com/apache/zeppelin/pull/4709

Url: https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb

Url: https://www.cve.org/CVERecord?id=CVE-2020-11974

Url: https://www.mend.io/vulnerability-database/CVE-2024-31864

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Top Fix

Upgrade Version

Upgrade to version org.apache.zeppelin:zeppelin-jdbc:0.11.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31864

Good to know:

Date: April 9, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?