GHSA-rrvf-5w4r-3x7v

GitHub Security Advisory

Apache Zeppelin vulnerable to cross-site scripting in the helium module

GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.

Attackers can modify `helium.json` and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Affected Packages

Maven org.apache.zeppelin:zeppelin-interpreter
Affected versions: 0.8.2 (fixed in 0.11.1)

Key Information

GHSA ID: GHSA-rrvf-5w4r-3x7v
Published: April 9, 2024 6:30 PM
Last Modified: October 3, 2024 6:08 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Maven
Primary Package: org.apache.zeppelin:zeppelin-interpreter
GitHub Reviewed: Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.