GHSA-6623-c6mr-6737 · Severity: medium · Ecosystem: maven — Apache Zeppelin: Denial of service with invalid notebook name
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
Conclusion & alert: CVE-2024-31862 is rated Moderate Risk (46.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.36%). Core evidence: EPSS rose +1.15% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.21% | 1.36% | +1.15% |
| 2 | 2025-11-21 | 1.44% | 0.21% | -1.23% |
| 3 | 2025-11-18 | — | 1.44% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.3 | 3.1 | MEDIUM |
|
3.9 | 1.4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
GHSA-6623-c6mr-6737 · Severity: medium · Ecosystem: maven — Apache Zeppelin: Denial of service with invalid notebook name
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/04/09/5 | Mailing List |
| https://github.com/apache/zeppelin/pull/4632 | Issue Tracking Patch |
| https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0 | Mailing List Vendor Advisory |