{"schema_version": "1.6.1", "id": "CVE-2024-52279", "summary": "Arbitrary file read by adding malicious JDBC connection string", "details": "Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input.\n\nThis issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.\n\nUsers are recommended to upgrade to version 0.12.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.11.1"}, {"fixed": "0.12.0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/zeppelin/pull/4838"}, {"type": "REPORT", "url": "https://issues.apache.org/jira/browse/ZEPPELIN-6095"}, {"type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31864"}, {"type": "WEB", "url": "https://lists.apache.org/thread/dxb98vgrb21rrl3k0fzonpk66onr6o4q"}]}