Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:26774
HistorySep 18, 2020 - 6:51 a.m.

Remote Code Execution (RCE)

2020-09-1806:51:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
apache_superset
remote code execution
web application
os package
environment variables
process information

EPSS

0.001

Percentile

48.1%

JSON

apache_superset is vulnerable to remote code execution (RCE). Failure to validate a number of templated text fields allows an authenticated user to send malicious requests and gain access to Pythons os package in the web application process and access files, environment variables and process information. Setting of environment variables for the current process, creating and updating files in folders writable by the web process and executing arbitrary programs accessible by the web process are also possible.

Related

nvd 1
cvelist 1
cve 1
osv 3
github 1
prion 1
nvd
nvd
CVE-2020-13948
2020-09-17 13:15:15
cvelist
cvelist
CVE-2020-13948
2020-09-17 12:31:11
cve
cve
CVE-2020-13948
2020-09-17 13:15:15
osv
osv
CVE-2020-13948
2020-09-17 13:15:15
PYSEC-2020-222
2020-09-17 13:15:00
Apache Superset OS Command Injection
2022-05-24 22:28:32
github
github
Apache Superset OS Command Injection
2022-05-24 22:28:32
prion
prion
Code injection
2020-09-17 13:15:00

EPSS

0.001

Percentile

48.1%

JSON
Related for VERACODE:26774
nvd1cvelist1cve1osv3github1prion1