{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "Arbitrary file deletion vulnerability",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "cweId": "CWE-20",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache Zeppelin",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "lessThanOrEqual": "0.9.0",
              "versionType": "custom"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files.  This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files.  This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions."
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "important"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kai Zhao",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2021-28655",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}