Security
Headlines

Headlines Latest CVEs

Headline

GHSA-fxjg-28fm-pfxh: Apache Superset Server-Side Request Forgery vulnerability

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

1 year ago

#vulnerability #apache #git #ssrf #auth

Apache Superset Server-Side Request Forgery vulnerability

Moderate severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

1 year ago

#vulnerability #apache #ssrf #auth

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

15 hours ago

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

16 hours ago

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

16 hours ago

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

16 hours ago

GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

1 day ago