org.apache.zeppelin:zeppelin-jdbc
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.zeppelin:zeppelin-jdbcpage 1 of 1
- CVE-2024-31864CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.11.12024-04-09
vulnerable: 0.10.0 ... 0.9.0-preview2 (16 versions)
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppel…
- CVE-2024-52279MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.12.02025-08-03
vulnerable: 0.11.1, 0.11.2
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to …
Check whether org.apache.zeppelin:zeppelin-jdbc is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.zeppelin:zeppelin-jdbc CVEs against the assets you own.
Start Free Scan →