CVE-2024-51775

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-51775

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-51775.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-51775

Aliases

GHSA-xg8j-j6vp-6h5w

Published

2025-08-03T11:15:26Z

Modified

2025-08-05T22:55:59Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.

The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue.

References

https://github.com/apache/zeppelin/pull/4823

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type: GIT
Repo: https://github.com/apache/zeppelin
Events: Introduced

523075a498ea6b72109fd817bab95f5d7fcb2829

Fixed

9e0fcc7b8ea48167be3e71d135378a934e3f4b25