6 matches found
Apache Superset 0.23 Remote Code Execution (CVE-2018-8021)
A remote code execution vulnerability exists in the Apache Superset web application. A remote attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could lead to execute arbitrary code on the system...
Apache Superset 0.23 Remote Code Execution
Exploit Title: Apache Superset 0.23 - Remote Code Execution Date: 2018-05-17 Exploit Author: David May [email protected] Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested on: Ubuntu 18.04 CVE-ID:...
Apache Superset 0.23 - Remote Code Execution
Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...
Apache Superset 0.23 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Superset 0.23 - Remote Code Execution Exploit Author: David May email protected Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested o...
Apache Superset < 0.23 - Remote Code Execution
Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' + supersetIP + ':' + supersetPort +...
CVE-2018-8021
CVE-2018-8021 concerns Apache Superset pre-0.23, where an unsafe pickle deserialization path can lead to remote code execution. The root cause is the use of an unsafe load method from pickle to deserialize data, enabling an attacker with network access to potentially execute arbitrary code. Multi...