Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2024-31864

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Published: Apr 9, 2024
Updated: Nov 5, 2025
CVE: CVE-2024-31864
GHSA: GHSA-66j8-c83m-gj5f
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
org.apache.zeppelin / zeppelin-jdbc	-	0.11.1
apache / zeppelin	-	0.11.1

http://www.openwall.com/lists/oss-security/2024/04/09/8
http://www.openwall.com/lists/oss-security/2025/08/03/3
https://github.com/apache/zeppelin/commit/e65b5430e43c076c138a1f56e3f2aba1324118f2
https://github.com/apache/zeppelin/pull/4709
https://issues.apache.org/jira/browse/ZEPPELIN-5990
https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb
https://www.cve.org/CVERecord?id=CVE-2020-11974

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo