Maven package
org.apache.zeppelin/zeppelin-web
pkg:maven/org.apache.zeppelin/zeppelin-web
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41177 | — | < 0.12.0 | 0.12.0 | Aug 3, 2025 | Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue. | ||
| CVE-2021-28656 | — | <= 0.9.0 | — | Apr 9, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. |
- CVE-2024-41177Aug 3, 2025affected < 0.12.0fixed 0.12.0
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
- CVE-2021-28656Apr 9, 2024affected <= 0.9.0
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.