CVSS3 | Value |
---|---|
Base Score | 6.6 Medium |
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector String | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |

EPSS | Value |
---|---|
Score | 0.002 Low |
Percentile | 60.8% |
apache_superset is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper object sanitization: if an unauthorized attacker were to obtain write access to the metadata database of Apache Superset, they could persist a specifically crafted Python object that results in remote code execution on Superset’s web backend.
CPE | Name | Operator | Version |
---|---|---|---|
apache-superset | le | 2.1.0 | |
packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
github.com/advisories/GHSA-fj4x-m62j-wvwg
github.com/apache/superset/commit/251ce2ed2a79cfa2ef683d0e2f460b44844a1dcd#diff-b0dc8f379cb3de3fe61384e85399935be8b6af530d966ee7d8d1a1c6c857c96aR17
lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h