CVE-2018-8021

Published: 07/11/2018 Updated: 30/01/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Versions of Superset before 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note that Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

Vulnerable Product

apache superset

Exploits

Apache Superset version 0.23 suffers from a remote code execution vulnerability ...

Github Repositories

Repository for scripts I am working on or have completed related to exploits I have found or CVEs I am requesting.

ExploitDev CVE-2018-8021 Authenticated Remote Code Execution via Import Dashboards in Apache Superset < 0.23

CVE-2018-8021 Proof-Of-Concept and Exploit

Apache Superset pickle library code execution. IBM: Apache Superset could allow a remote attacker to execute arbitrary code on the system, caused by the use of unsafe load method from the pickle library to deserialize data. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. Refs: apache/superset#4243 htt

RCE_COLLECT
github.com/shengqi158/fastjson-remote-code-execute-poc
CVE-2018-802: github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021
CVE-2018-11235: github.com/JameelNabbo/git-remote-code-execution
CVE-2018-15133: github.com/kozmic/laravel-poc-CVE-2018-15133