Lucene search
ApacheCVELIST:CVE-2023-37941HistorySep 06, 2023 - 1:06 p.m.
CVE-2023-37941 Apache Superset: Metadata db write access can lead to remote code execution
2023-09-0613:06:20
CWE-502
apache
raw.githubusercontent.com
1
cve-2023-37941
apache superset
metadata
write access
remote code execution
upgrade
version 2.1.1
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset’s web backend.
The Superset metadata db is an ‘internal’ component that is typically
only accessible directly by the system administrator and the superset
process itself. Gaining access to that database should
be difficult and require significant privileges.
This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.
Related
osv
osv
CVE-2023-37941
2023-09-06 14:15:10
Apache Superset Deserialization of Untrusted Data vulnerability
2023-09-06 15:30:27
prion
prion
Remote code execution
2023-09-06 14:15:00
cve
cve
CVE-2023-37941
2023-09-06 14:15:10
veracode
veracode
Deserialization Of Untrusted Data
2023-09-12 07:25:24
github
github
Apache Superset Deserialization of Untrusted Data vulnerability
2023-09-06 15:30:27
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-10-19 20:15:08
packetstorm
packetstorm
Apache Superset 2.0.0 Remote Code Execution
2023-10-13 00:00:00
zdt
zdt
Apache Superset 2.0.0 Remote Code Execution Exploit
2023-10-15 00:00:00
thn
thn