cnvd / China National Vulnerability Database / CNVD-2023-96661
History: Nov 30, 2023 - 12:00 a.m.

Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)

2023-11-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache superset
data visualization
data exploration
vulnerability
input validation
apache foundation
authenticated attacker
http host header
dataset
untrusted site
spoofing

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 28.2%)

Apache Superset is a data visualization and data exploration platform from the Apache (USA) Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from improper input validation: an authenticated attacker can spoof the HTTP Host header to change the link to a dataset so that it points to an untrusted site, and users may be redirected to that site when they click on that particular dataset.

CPE    Name    Operator    Version
apache superset    lt    3.0.0
