{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:01:06.994","vulnerabilities":[{"cve":{"id":"CVE-2024-51775","sourceIdentifier":"security@apache.org","published":"2025-08-03T11:15:26.000","lastModified":"2025-11-04T22:16:04.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.\n\nThe attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. \nThis issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.\n\nUsers are recommended to upgrade to version 0.12.0, which fixes the issue."},{"lang":"es","value":"Vulnerabilidad de falta de validación de origen en WebSockets en Apache Zeppelin. El atacante podría acceder al servidor Zeppelin desde otro origen sin restricciones y obtener información interna sobre los párrafos. Este problema afecta a Apache Zeppelin desde la versión 0.11.1 hasta la 0.12.0. Se recomienda actualizar a la versión 0.12.0, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1385"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*","versionStartIncluding":"0.11.0","versionEndExcluding":"0.12.0","matchCriteriaId":"B0F17B27-7AF8-4575-81FB-DD250ED7D8B1"}]}]}],"references":[{"url":"https://github.com/apache/zeppelin/pull/4823","source":"security@apache.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2025/08/03/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}