GHSA-7222-r37x-8q3m

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-7222-r37x-8q3m/GHSA-7222-r37x-8q3m.json

Aliases

CVE-2022-43719

Published

2023-01-16T12:30:18Z

Modified

2023-01-31T02:29:35.123822Z

Details

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-43719
https://github.com/apache/superset
https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Affected packages

PyPI / apache-superset

apache-superset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Last affected

1.5.2

Affected versions

0.*

0.34.0

0.34.1

0.35.1

0.35.2

0.36.0

0.37.0

0.37.1

0.37.2

0.38.0

0.38.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

PyPI / apache-superset

apache-superset

Affected ranges

Affected versions

2.*

2.0.0