Moderate severityNVD Advisory· Published Nov 28, 2023· Updated Feb 13, 2025
Apache Superset: Lack of rate limiting allows for possible denial of service
CVE-2023-42504
Description
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.
This issue affects Apache Superset: before 3.0.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | < 3.0.0 | 3.0.0 |
Affected products
3- osv-coords2 versions
< 3.0.0+ 1 more
- (no CPE)range: < 3.0.0
- (no CPE)range: < 3.0.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-3hp7-4qq4-v5c6ghsaADVISORY
- lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6lghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-42504ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/11/28/6ghsaWEB
News mentions
0No linked articles in our index yet.