Security
Headlines

Headlines Latest CVEs

Headline

GHSA-fxjg-28fm-pfxh: Apache Superset Server-Side Request Forgery vulnerability

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

1 year ago

#vulnerability #apache #git #ssrf #auth

Apache Superset Server-Side Request Forgery vulnerability

Moderate severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

1 year ago

#vulnerability #apache #ssrf #auth

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

2 days ago

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

2 days ago

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

2 days ago

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

2 days ago

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

3 days ago