CVE-2024-51775
Essential information
- Published
- 03/08/2025 11:15
- Modified
- 04/08/2025 15:06
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.
The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.
This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.
Users are recommended to upgrade to version 0.12.0, which fixes the issue.
NVD status
- Status
- Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| apache / zeppelin | cpe:2.3:a:apache:zeppelin:0.11.1-*:*:*:*:*:*:* |
| apache / zeppelin | cpe:2.3:a:apache:zeppelin:<0.12.0:*:*:*:*:*:*:* |