Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2024-51775

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.

The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue.

Published: Aug 3, 2025
Updated: Nov 13, 2025
CVE: CVE-2024-51775
GHSA: GHSA-xg8j-j6vp-6h5w
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-1385

Affected Software
References

Software	From	Fixed in
org.apache.zeppelin / zeppelin-shell	0.11.1	0.12.0
apache / zeppelin	0.11.0	0.12.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo