CVE-2018-8021

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-8021

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8021.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-8021

Aliases

GHSA-vxp9-wv2f-wqmw
PYSEC-2018-74

Published

2018-11-07T14:29:00Z

Modified

2024-11-21T04:13:06Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

References

https://www.exploit-db.com/exploits/45933/
https://github.com/apache/incubator-superset/pull/4243

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0fcdfcfd8c20632298e2cd6a68462a9dab7dbc67