Headline
GHSA-4fg9-5w46-xmrj: Apache Superset Server Side Request Forgery vulnerability
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.
Apache Superset Server Side Request Forgery vulnerability
Moderate severity GitHub Reviewed Published Sep 6, 2023 to the GitHub Advisory Database • Updated Sep 8, 2023
Related news
Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these