CVE-2023-43701

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-43701

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43701.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-43701

Aliases

Published

2023-11-27T11:15:07Z

Modified

2025-02-05T09:11:40.548494Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

References

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

840b4869067f05b71e70a9d4e1b6e4269c8f7b12