Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-47894

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published

2024-04-09T10:15:08.343

Last Modified

2025-05-05T20:48:37.760

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	zeppelin	< 0.11.0	Yes

References

http://www.openwall.com/lists/oss-security/2024/04/09/4 Mailing List ([email protected])
https://github.com/apache/zeppelin/pull/4302 Issue Tracking ([email protected])
https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/04/09/4 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/zeppelin/pull/4302 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)