Skip to content

Improper Encoding or Escaping of Output in Apache Superset

Moderate severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

pip apache-superset (pip)

Affected versions

<= 1.3.1

Patched versions

1.3.2

Description

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

References

Published by the National Vulnerability Database Nov 17, 2021
Published to the GitHub Advisory Database May 24, 2022
Reviewed Jun 21, 2022
Last updated Sep 12, 2024

Severity

Moderate

EPSS score

0.078%
(35th percentile)

Weaknesses

CVE ID

CVE-2021-42250

GHSA ID

GHSA-5fp8-c45m-256p

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.