GHSA-pfwg-rxf4-97c3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pfwg-rxf4-97c3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-pfwg-rxf4-97c3/GHSA-pfwg-rxf4-97c3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pfwg-rxf4-97c3
- Aliases
- Published
- 2021-10-06T17:47:53Z
- Modified
- 2025-02-05T09:11:57.009411Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Open Redirect in Apache Superset
- Details
-
Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
- Database specific
{ "nvd_published_at": "2021-04-27T10:15:00Z", "github_reviewed_at": "2021-10-06T14:11:38Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-601" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-28125
- https://github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029
- https://github.com/advisories/GHSA-pfwg-rxf4-97c3
- https://github.com/apache/superset
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml
- https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
- https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/04/27/2
Affected packages
PyPI / superset
Package
- Name
- superset
- View open source insights on deps.dev
- Purl
- pkg:pypi/superset
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.34.0
Affected versions
0.*
0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.15.3
0.15.4
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.18.0
0.18.2
0.18.3
0.18.4
0.18.5
0.19.0
0.19.1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.20.6
0.21.0
0.21.1
0.22.0
0.22.1
0.23.0
0.23.1
0.23.2
0.23.3
0.24.0
0.25.0
0.25.1
0.25.2
0.25.3
0.25.4
0.25.5
0.25.6
0.26.0
0.26.2
0.26.3
0.27.0rc1
0.27.0
0.28.0
0.28.1
0.29.0rc6
0.29.0rc7
0.30.0
0.30.1
PyPI / apache-superset
Package
- Name
- apache-superset
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-superset