Veracode Vulnerability DatabaseVERACODE:43229Deserialization Of Untrusted Data
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.8%
apache_superset is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper object sanitization; if an unauthorized attacker was to obtain write access to the metadata database of Apache Superset, they could persist a specifically crafted Python object that results in remote code execution on Superset’s web backend.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-superset | le | 2.1.0 | |
| apache-superset | le | 2.1.0 |
References
packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
github.com/advisories/GHSA-fj4x-m62j-wvwg
github.com/apache/superset/commit/251ce2ed2a79cfa2ef683d0e2f460b44844a1dcd#diff-b0dc8f379cb3de3fe61384e85399935be8b6af530d966ee7d8d1a1c6c857c96aR17
lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h
Related
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.8%