CVE-2019-10095
CRITICAL9.8EPSS 3.0%Bash command injection in Apache Zeppelin
Published: 9/7/2021Modified: 2/16/2024
Also known as:GHSA-4qw8-pgpr-p9mq
Description
bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Affected packages (1)
- Maven/org.apache.zeppelin:zeppelinfrom 0, < 0.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10095
- PATCHhttps://github.com/apache/zeppelin
- WEBhttps://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b@%3Cusers.zeppelin.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b%40%3Cusers.zeppelin.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cannounce.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cusers.zeppelin.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cannounce.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E
- WEBhttps://security.gentoo.org/glsa/202311-04
- WEBhttp://www.openwall.com/lists/oss-security/2021/09/02/1