GHSA-hhm3-48h2-597v

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-hhm3-48h2-597v/GHSA-hhm3-48h2-597v.json

Aliases

CVE-2021-44451 ( PYSEC-2022-36 )
PYSEC-2022-36

Published

2022-02-02T00:01:46Z

Modified

2023-08-31T15:30:47.805278Z

Details

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-44451
https://github.com/apache/superset
https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb

Affected packages

PyPI / apache-superset

Source Details

Package Name: apache-superset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.0

Affected versions

0.*

0.34.0

0.34.1

0.35.1

0.35.2

0.36.0

0.37.0

0.37.1

0.37.2

0.38.0

0.38.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.3.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}