CVE-2019-10095: bash command injection in spark interpreter
First published: Thu Sep 02 2021(Updated: )
bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Zeppelin | <=0.9.0 | |
| maven/org.apache.zeppelin:zeppelin | <0.10.0 | 0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2019-10095
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cusers.zeppelin.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/09/02/1
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b@%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/rd56389ba9cab30a6c976b9a4a6df0f85cbe8fba6a60a3cf6e3ba716b%40%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/rdf06e8423833b3daadc30c56a2ff47c48920864d5199476daa897208%40%3Cannounce.apache.org%3E
- https://security.gentoo.org/glsa/202311-04
- https://github.com/advisories/GHSA-4qw8-pgpr-p9mq (Advisory)
- collector/nvd-index
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-4qw8-pgpr-p9mq
- alias/CVE-2019-10095
- collector/nvd-cve
- collector/github-advisory
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/references
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/title
- agent/tags
- agent/description
- agent/event
- vendor/apache
- canonical/apache zeppelin
- version/apache zeppelin/0.9.0
- package-manager/maven