VYPR

Superset

by Apache

pypi: superset

CVEs (63)

  • CVE-2021-28125 (Apr 27, 2021)
    risk 0.00 | cvss | epss 0.64

    Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects, the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince…

  • CVE-2021-27907 (Mar 5, 2021)
    risk 0.00 | cvss | epss 0.86

    Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action in the context of the…

  • CVE-2020-1932 (Jan 28, 2020)
    risk 0.00 | cvss | epss 0.01

    An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
