Lucene search

K

GoogleOSV:GHSA-PFWG-RXF4-97C3

HistoryOct 06, 2021 - 5:47 p.m.

Open Redirect in Apache Superset

2021-10-0617:47:53

Google

osv.dev

14

apache

superset

open redirect

EPSS

0.004

Percentile

74.8%

Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

References

www.openwall.com/lists/oss-security/2021/04/27/2

github.com/advisories/GHSA-pfwg-rxf4-97c3

github.com/apache/superset

github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029

github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml

lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E

lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2021-28125

EPSS

0.004

Percentile

74.8%

Related for OSV:GHSA-PFWG-RXF4-97C3

osv2 veracode1 prion1 cvelist1 github1 nvd1 cve1