Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache superset vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-42250
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
Apache Superset
4.3
CVSSv3
CVE-2023-39264
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
Apache Superset
6.5
CVSSv3
CVE-2023-49734
An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: prior to 2.1.2, from...
Apache Superset
8.8
CVSSv3
CVE-2023-49736
A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: prior to 2.1.2, from 3.0.0 prior to 3.0.2. Users are recommended to upgrade to version 3....
Apache Superset
5.3
CVSSv3
CVE-2019-12413
In Apache Incubator Superset prior to 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
Apache Superset
5.4
CVSSv3
CVE-2023-43701
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issu...
Apache Superset
6.5
CVSSv3
CVE-2023-25504
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulner...
Apache Superset
9.8
CVSSv3
CVE-2022-27479
Apache Superset prior to 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
Apache Superset
8.8
CVSSv3
CVE-2023-40610
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially c...
Apache Superset
5.4
CVSSv3
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the u...
Apache Superset
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »