VYPR

PyPI package

superset

pkg:pypi/superset

Vulnerabilities (2)

  • CVE-2021-28125Apr 27, 2021
    affected <= 0.34.0

    Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince

  • CVE-2018-8021Nov 7, 2018
    affected < 0.23fixed 0.23

    Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.