CVE-2022-47894

Published: Apr 9, 2024Modified: May 5, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected (1)

Products: Apache: Zeppelin

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Zeppelin	From 0.8.0 to 0.11.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.openwall.com/lists/oss-security/2024/04/09/4

Source: security@apache.org

Mailing List

https://github.com/apache/zeppelin/pull/4302

Source: security@apache.org

Issue Tracking

https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2024/04/09/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://github.com/apache/zeppelin/pull/4302

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.