CVE-2024-31866

CRITICAL · LAB

Apache Zeppelin 0.8.2-0.11.0 - Remote Code Execution via Configuration Override

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-31866. PoCs published by exploitintel.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2024-31866, demonstrating remote code execution via environment variable injection in Apache Zeppelin 0.8.2–0.11.0. It includes multiple PoC scripts that successfully exploit the vulnerability and confirm a bypass in the patched version 0.11.1.

Description

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can execute shell scripts or malicious code by overriding configuration values such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · Python PoC
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2024-31866


Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Apache Zeppelin 0.8.2–0.11.0
No auth needed
Prerequisites: Docker environment with vulnerable Apache Zeppelin instance · Network access to target
devstral-2 · analyzed Mar 04, 2026

References (3)


Scores

CVSS v3 9.8
EPSS 0.0115
EPSS Percentile 79.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

vulnerable docker pull ghcr.io/exploitintel/cve-2024-31866-vulnerable:latest

Details

CWE
CWE-116
Status published
Products (2)
apache/zeppelin 0.8.2 - 0.11.1
org.apache.zeppelin/zeppelin-interpreter 0.8.2 - 0.11.1 (Maven)
Published Apr 09, 2024
Tracked Since Feb 18, 2026