Lucene search
PRIOn knowledge basePRION:CVE-2023-37941HistorySep 06, 2023 - 2:15 p.m.
Remote code execution
2023-09-0614:15:00
PRIOn knowledge base
www.prio-n.com
12
apache superset
remote code execution
metadata database
vulnerability
upgrade
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset’s web backend.
The Superset metadata db is an ‘internal’ component that is typically
only accessible directly by the system administrator and the superset
process itself. Gaining access to that database should
be difficult and require significant privileges.
This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.
Related
osv
osv
CVE-2023-37941
2023-09-06 14:15:10
Apache Superset Deserialization of Untrusted Data vulnerability
2023-09-06 15:30:27
veracode
veracode
Deserialization Of Untrusted Data
2023-09-12 07:25:24
github
github
Apache Superset Deserialization of Untrusted Data vulnerability
2023-09-06 15:30:27
cve
cve
CVE-2023-37941
2023-09-06 14:15:10
nvd
nvd
CVE-2023-37941
2023-09-06 14:15:10
cvelist
cvelist
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-10-19 20:15:08
zdt
zdt
Apache Superset 2.0.0 Remote Code Execution Exploit
2023-10-15 00:00:00
packetstorm
packetstorm
Apache Superset 2.0.0 Remote Code Execution
2023-10-13 00:00:00
thn
thn