Description

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Remediation

References

https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2

Related Vulnerabilities

CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2021-33609 Vulnerability in maven package com.vaadin:vaadin-server

CVE-2021-21617 Vulnerability in maven package org.jenkins-ci.plugins: configurationslicing

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2023-22946 Vulnerability in maven package org.apache.spark:spark-core_2.13

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Mailing List Vendor Advisory