CVE-2021-28655

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "name": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}, {"url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "name": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-28655", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-16T13:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-17T16:15Z"}