Moderate severityNVD Advisory· Published Apr 27, 2021· Updated Aug 3, 2024
Apache Superset Open Redirect
CVE-2021-28125
Description
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
supersetPyPI | <= 0.34.0 | — |
apache-supersetPyPI | < 1.1.0 | 1.1.0 |
Affected products
4- osv-coords3 versions
< 1.0.2+ 2 more
- (no CPE)range: < 1.0.2
- (no CPE)range: < 1.1.0
- (no CPE)range: <= 0.34.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pfwg-rxf4-97c3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28125ghsaADVISORY
- www.openwall.com/lists/oss-security/2021/04/27/2ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yamlghsaWEB
- lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3Eghsax_refsource_MISCmailing-listx_refsource_MLISTWEB
- lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3EghsaWEB
News mentions
0No linked articles in our index yet.