oss-sec mailing list archives
CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability
From: Arnout Engelen <engelen () apache org>
Date: Fri, 16 Dec 2022 12:48:32 +0000
Severity: important Description: The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. Credit: Kai Zhao (finder) References: https://zeppelin.apache.org/ https://www.cve.org/CVERecord?id=CVE-2021-28655
Current thread:
- CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability Arnout Engelen (Dec 16)