CVE-2019-10095 (https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E):

Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVE-2020-13929 (https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E):

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVE-2021-27578 (https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E):

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.

Please bump.
Ping Patrice.
Hi! I'll take a look at it this week. Sorry for the delay.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff271ae26f4bb5d5c3bc311212744938114bb8c5

commit ff271ae26f4bb5d5c3bc311212744938114bb8c5
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2022-09-04 22:11:25 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2022-09-04 22:12:23 +0000

    www-apps/zeppelin-bin: add 0.10.1

    Bug: https://bugs.gentoo.org/811447
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 www-apps/zeppelin-bin/Manifest                   |  1 +
 www-apps/zeppelin-bin/zeppelin-bin-0.10.1.ebuild | 53 ++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
Please stabilize when ready.
Ah, was added to the tree straight to stable.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=099b87bb19d410a8fb20bdbdebdb4632992e226a

commit 099b87bb19d410a8fb20bdbdebdb4632992e226a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-06 17:28:25 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-06 17:29:08 +0000

    www-apps/zeppelin-bin: drop 0.8.2-r1

    Bug: https://bugs.gentoo.org/811447
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 www-apps/zeppelin-bin/Manifest                     |  1 -
 www-apps/zeppelin-bin/zeppelin-bin-0.8.2-r1.ebuild | 40 ----------------------
 2 files changed, 41 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=fdaf7c136ad965928c3b25530d6c027b03ac1422

commit fdaf7c136ad965928c3b25530d6c027b03ac1422
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-24 13:19:41 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-24 13:20:18 +0000

    [ GLSA 202311-04 ] Zeppelin: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/811447
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-04.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)