CVE-2024-31862: Apache Zeppelin: Denial of service with invalid notebook name

April 9, 2024 (updated February 13, 2025)

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin’s UI. This issue affects Apache Zeppelin from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

References

github.com/advisories/GHSA-6623-c6mr-6737
github.com/apache/zeppelin
github.com/apache/zeppelin/commit/f025a697c1d1d0264064d5adf6cb0b20d85041b6
github.com/apache/zeppelin/pull/4632
lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0
nvd.nist.gov/vuln/detail/CVE-2024-31862

Code Behaviors & Features

Detect and mitigate CVE-2024-31862 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →