Apache Livy Path Traversal Vulnerability Allowing Unauthorized Directory Access

Vulnerability

A path traversal vulnerability has been identified in Apache Livy versions from 0.3.0-incubating up to, but not including, 0.9.0-incubating. It arises from improper limitation of a pathname to a restricted directory, which allows unauthorized access to directories. It can be exploited only under non-default Apache Livy Server configurations, specifically when the 'livy.file.local-dir-whitelist' value is set to a non-default option; in that case the intended directory checks can be bypassed.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted directories on the server.

Remediation

Users are advised to upgrade to Apache Livy version 0.9.0, which addresses this vulnerability.
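
To find which servers meet both conditions named above (a version in the affected range and a set 'livy.file.local-dir-whitelist'), the version string and livy.conf can be checked together. The Python below is an added example, not part of the advisory or of Apache Livy; it assumes the default is an unset or empty value, and the sample configuration and function names are constructed for illustration.

```python
import re

AFFECTED_MIN = (0, 3, 0)  # first affected release per the advisory
FIXED = (0, 9, 0)         # release the advisory says to upgrade to
KEY = "livy.file.local-dir-whitelist"

# Constructed sample livy.conf content (not taken from a real server).
SAMPLE_CONF = """\
# livy.server.port = 8998
livy.file.local-dir-whitelist = /data/jars/,/opt/udf/
"""

def parse_version(text):
    """'0.8.0-incubating' -> (0, 8, 0); the suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def whitelist_value(conf_text):
    """Return the last effective value of KEY in livy.conf text, or None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment (commented-out key is unset)
        # Properties-style separators: '=', ':' or whitespace.
        m = re.match(r"([^\s=:]+)\s*[=:\s]\s*(.*)$", line)
        if m and m.group(1) == KEY:
            value = m.group(2).strip()
    return value or None  # assumption: an empty value equals the default

def assess(version, conf_text):
    """Combine both advisory conditions into one exposure verdict."""
    in_range = AFFECTED_MIN <= parse_version(version) < FIXED
    dirs = whitelist_value(conf_text)
    return {"affected_version": in_range,
            "whitelist": dirs,
            "exposed": in_range and dirs is not None}

if __name__ == "__main__":
    print(assess("0.8.0-incubating", SAMPLE_CONF))
```

A server reported as exposed should be prioritised for the upgrade described above.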

Added: Mar 13, 2026, 8:25 PM
Updated: Mar 13, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.2
exploitability: 7.0
remediation: 8.3
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.