Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.zeppelin/zeppelin-web@0.8.1

Type maven

Namespace org.apache.zeppelin

Name zeppelin-web

Version 0.8.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.12.0

Latest_non_vulnerable_version 0.12.0

Affected_by_vulnerabilities

url VCID-a4r7-fqkb-f7e2

vulnerability_id VCID-a4r7-fqkb-f7e2

summary Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28656

reference_id

reference_type

scores

value	0.01761
scoring_system	epss
scoring_elements	0.83021
published_at	2026-06-11T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.83083
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28656

reference_url

https://github.com/apache/zeppelin

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/zeppelin

reference_url

http://www.openwall.com/lists/oss-security/2024/04/09/3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T18:54:51Z/

url

http://www.openwall.com/lists/oss-security/2024/04/09/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28656

reference_id

CVE-2021-28656

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28656

reference_url

https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc

reference_id

dttzkkv4qyn1rq2fdv1r94otb1osxztc

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T18:54:51Z/

url

https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc

reference_url

https://github.com/advisories/GHSA-prvg-rh5h-74jr

reference_id

GHSA-prvg-rh5h-74jr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prvg-rh5h-74jr

fixed_packages

url pkg:maven/org.apache.zeppelin/zeppelin-web@0.9.0-preview1

purl pkg:maven/org.apache.zeppelin/zeppelin-web@0.9.0-preview1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uybq-u79b-9ues

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zeppelin/zeppelin-web@0.9.0-preview1

aliases CVE-2021-28656, GHSA-prvg-rh5h-74jr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4r7-fqkb-f7e2

url VCID-uybq-u79b-9ues

vulnerability_id VCID-uybq-u79b-9ues

summary

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin.

This issue affects Apache Zeppelin: before 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41177

reference_id

reference_type

scores

value	0.01329
scoring_system	epss
scoring_elements	0.80351
published_at	2026-06-11T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.80412
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41177

reference_url

https://github.com/apache/zeppelin

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/zeppelin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-41177

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-41177

reference_url

http://www.openwall.com/lists/oss-security/2025/08/03/4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/08/03/4

reference_url

https://github.com/apache/zeppelin/pull/4755

reference_id

4755

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T13:20:16Z/

url

https://github.com/apache/zeppelin/pull/4755

reference_url

https://github.com/apache/zeppelin/pull/4795

reference_id

4795

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T13:20:16Z/

url

https://github.com/apache/zeppelin/pull/4795

reference_url	https://github.com/advisories/GHSA-p288-459w-jxj6
reference_id	GHSA-p288-459w-jxj6
reference_type
scores
url	https://github.com/advisories/GHSA-p288-459w-jxj6

reference_url

https://lists.apache.org/thread/nwh8vh9f3pnvt04n8z4g2kbddh62blr6

reference_id

nwh8vh9f3pnvt04n8z4g2kbddh62blr6

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T13:20:16Z/

url

https://lists.apache.org/thread/nwh8vh9f3pnvt04n8z4g2kbddh62blr6

fixed_packages

url	pkg:maven/org.apache.zeppelin/zeppelin-web@0.12.0
purl	pkg:maven/org.apache.zeppelin/zeppelin-web@0.12.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zeppelin/zeppelin-web@0.12.0

aliases CVE-2024-41177, GHSA-p288-459w-jxj6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uybq-u79b-9ues

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zeppelin/zeppelin-web@0.8.1

Package Instance