{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T23:26:20.303","vulnerabilities":[{"cve":{"id":"CVE-2021-28655","sourceIdentifier":"security@apache.org","published":"2022-12-16T13:15:08.723","lastModified":"2025-04-17T16:15:23.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The improper Input Validation vulnerability in \"”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files.  This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions."},{"lang":"es","value":"La vulnerabilidad de validación de entrada incorrecta en la función \"Move folder to Trash\" de Apache Zeppelin permite a un atacante eliminar archivos arbitrarios. Este problema afecta a Apache Zeppelin Apache Zeppelin versión 0.9.0 y versiones anteriores."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.0","matchCriteriaId":"26319B3A-B658-40AE-83DA-62FEDEA6D002"}]}]}],"references":[{"url":"https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}