
GHSA-xg8j-j6vp-6h5w: Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.

The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue.
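The class of check the advisory says was missing, as an added illustration (not Zeppelin's code and not the 0.12.0 fix): a server compares the `Origin` header of the WebSocket upgrade request against an allowlist before accepting the connection. The function names, the `notebook.example.com` host, the `/ws` path and the sample requests are constructed for this example.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if unusable."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:  # bad port or malformed bracketed host
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname or "@" in parts.netloc:
        return None
    # A serialized origin is scheme://host[:port] and nothing else.
    if parts.path or parts.query or parts.fragment:
        return None
    return (scheme, parts.hostname.lower(), port if port is not None else DEFAULT_PORTS[scheme])

def check_handshake(raw_request, allowed_origins, allow_missing=False):
    """Decide whether a WebSocket upgrade may proceed; returns (ok, reason)."""
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    head = raw_request.split("\r\n\r\n", 1)[0]
    origins = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "origin":
            origins.append(value.strip())
    if not origins:
        # Browsers send Origin on a WebSocket handshake; non-browser clients may not.
        return (allow_missing, "no Origin header")
    if len(origins) > 1:
        return (False, "multiple Origin headers")
    origin = normalize_origin(origins[0])
    if origin is None:
        return (False, "malformed or opaque origin")
    if origin not in allowed:
        return (False, "origin not in allowlist")
    return (True, "origin allowed")

def sample_request(origin=None):
    """Constructed handshake for the examples; host and path are placeholders."""
    lines = ["GET /ws HTTP/1.1", "Host: notebook.example.com", "Upgrade: websocket",
             "Connection: Upgrade", "Sec-WebSocket-Version: 13",
             "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=="]
    if origin is not None:
        lines.append("Origin: " + origin)
    return "\r\n".join(lines) + "\r\n\r\n"

ALLOWED = ["https://notebook.example.com"]  # constructed allowlist
```

Comparing the parsed (scheme, host, port) tuple rather than matching on a string prefix is what keeps a lookalike host such as `notebook.example.com.other.example` from passing.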



Moderate severity • GitHub Reviewed • Published Aug 3, 2025 to the GitHub Advisory Database • Updated Aug 4, 2025

Package: org.apache.zeppelin:zeppelin-shell (Maven)

Affected versions: >= 0.11.1, < 0.12.0


References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-51775
  • apache/zeppelin#4823
