Improper Control of Generation of Code ('Code Injection')...
Unreviewed
Published
Apr 11, 2024
to the GitHub Advisory Database
•
Updated May 1, 2024
Description
Published by the National Vulnerability Database
Apr 11, 2024
Published to the GitHub Advisory Database
Apr 11, 2024
Last updated
May 1, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.
The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way.
This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which doesn't have Shell interpreter by default.
References