Description

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Remediation

References

https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2

Related Vulnerabilities

CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler

CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork

CVE-2023-34396 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Mailing List Vendor Advisory