Description
A bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
Remediation
References
https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/09/02/1
https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04