High severity · NVD Advisory · Published Nov 12, 2021 · Updated Aug 4, 2024
Credentials leak
CVE-2021-41972
Description
Apache Superset up to and including 1.3.1 allowed database connection passwords to leak to authenticated users. This information could be accessed in a non-trivial way.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-superset (PyPI) | < 1.3.2 | 1.3.2 |
Affected products (3)
- osv-coords: 2 versions (< 1.3.2, + 1 more)
- (no CPE), range: < 1.3.2
- (no CPE), range: < 1.3.2
References (5)
- github.com/advisories/GHSA-42q4-9xf9-f67x (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-41972 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-434.yaml (ghsa, WEB)
- lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v (ghsa, x_refsource_MISC, WEB)
- seclists.org/oss-sec/2021/q4/106 (ghsa, x_refsource_MISC, WEB)