VYPR
Moderate severityNVD Advisory· Published Dec 19, 2023· Updated Feb 13, 2025

Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb

CVE-2023-46104

Description

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-supersetPyPI
< 2.1.22.1.2
apache-supersetPyPI
>= 3.0.0, < 3.1.0rc13.1.0rc1

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.