Lucene search
China National Vulnerability DatabaseCNVD-2024-14775HistoryMar 21, 2024 - 12:00 a.m.
Apache Superset Resource Management Error Vulnerability (CNVD-2024-14775)
2024-03-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
apache superset
data visualization
data exploration
resource management
vulnerability
uncontrolled resource consumption
authenticated attacker
malicious zip
apache foundation
cnvd-2024-14775
Apache Superset is a data visualization and data exploration platform from the Apache (USA) Foundation. A resource management error vulnerability exists in Apache Superset versions 2.1.2 and earlier, 3.0.0, and 3.0.1, which stems from uncontrolled resource consumption by the application, and can be exploited by an authenticated attacker to upload a malicious ZIP that may trigger uncontrolled resource consumption.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache superset | le | 2.1.2 | |
| apache apache superset | eq | 3.0.0 | |
| apache apache superset | eq | 3.0.1 |
Related
prion
prion
Code injection
2024-02-14 12:15:00
cvelist
cvelist
cve
cve
CVE-2024-23952
2024-02-14 12:15:47
nvd
nvd
CVE-2024-23952
2024-02-14 12:15:47
github
github
Duplicate Advisory: Apache Superset uncontrolled resource consumption
2024-05-30 20:53:33