Lucene search
K

5 matches found

OSV
OSV
added 2025/02/05 7:28 a.m.6 views

BIT-SUPERSET-2022-43720 Apache Superset: Improper rendering of user input

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4CVSS5.2AI score0.01243EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 12:15 p.m.7 views

CVE-2024-23952

This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset...

6.5CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.1 views

PT-2023-31313 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.3 Apache Superset versions 3.0.0 through 3.0.1 Description: An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners o...

7.7CVSS7AI score0.00942EPSS
Exploits0References18
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An authorization issue vulnerability exists in Apache Superset versions prior to 2.1.2 that stems from the presence of incorrect authorization checks. An attacker could exploit this vulnerability...

8.8CVSS6.8AI score0.01335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.5 views

PT-2023-14304

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery. Recommendations For Apache...

8.8CVSS7.1AI score0.00567EPSS
Exploits0References11
Rows per page
Query Builder