oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability

From: Arnout Engelen <engelen () apache org>
Date: Fri, 16 Dec 2022 12:48:32 +0000
Severity: important

Description:

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to 
delete the arbitrary files.  This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Credit:

Kai Zhao (finder)

References:

https://zeppelin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-28655
Previous By Date Next
Previous By Thread Next

Current thread: