Bug 811447 (CVE-2019-10095, CVE-2020-13929, CVE-2021-27578) - <www-apps/zeppelin-bin-0.10.1: multiple vulnerabilities (CVE-2019-10095, CVE-2020-13929, CVE-2021-27578)
Summary: <www-apps/zeppelin-bin-0.10.1: multiple vulnerabilities (CVE-2019-10095, CVE-...
Status: IN_PROGRESS
Alias: CVE-2019-10095, CVE-2020-13929, CVE-2021-27578
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-02 19:04 UTC by John Helmert III
Modified: 2022-09-05 16:39 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-02 19:04:18 UTC
CVE-2019-10095 (https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E):
https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cusers.zeppelin.apache.org%3E

Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVE-2020-13929 (https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E):
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVE-2021-27578 (https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E):
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.


Please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-15 05:08:13 UTC
Ping Patrice.
Comment 2 Patrice Clement gentoo-dev 2022-08-16 09:36:51 UTC
Hi! I'll take a look at it this week. Sorry for the delay.
Comment 3 Larry the Git Cow gentoo-dev 2022-09-04 22:12:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff271ae26f4bb5d5c3bc311212744938114bb8c5

commit ff271ae26f4bb5d5c3bc311212744938114bb8c5
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2022-09-04 22:11:25 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2022-09-04 22:12:23 +0000

    www-apps/zeppelin-bin: add 0.10.1
    
    Bug: https://bugs.gentoo.org/811447
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 www-apps/zeppelin-bin/Manifest                   |  1 +
 www-apps/zeppelin-bin/zeppelin-bin-0.10.1.ebuild | 53 ++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-05 16:39:30 UTC
Please stabilize when ready.