GHSA-pfwg-rxf4-97c3

Suggest an improvement
Source
https://github.com/advisories/GHSA-pfwg-rxf4-97c3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-pfwg-rxf4-97c3/GHSA-pfwg-rxf4-97c3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pfwg-rxf4-97c3
Aliases
Published
2021-10-06T17:47:53Z
Modified
2025-02-05T09:11:57.009411Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Open Redirect in Apache Superset
Details

Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Database specific
{
    "nvd_published_at": "2021-04-27T10:15:00Z",
    "github_reviewed_at": "2021-10-06T14:11:38Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

PyPI / superset

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.34.0

Affected versions

0.*

0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.15.3
0.15.4
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.18.0
0.18.2
0.18.3
0.18.4
0.18.5
0.19.0
0.19.1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.20.6
0.21.0
0.21.1
0.22.0
0.22.1
0.23.0
0.23.1
0.23.2
0.23.3
0.24.0
0.25.0
0.25.1
0.25.2
0.25.3
0.25.4
0.25.5
0.25.6
0.26.0
0.26.2
0.26.3
0.27.0rc1
0.27.0
0.28.0
0.28.1
0.29.0rc6
0.29.0rc7
0.30.0
0.30.1

PyPI / apache-superset

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.0

Affected versions

0.*

0.34.0
0.34.1
0.35.1
0.35.2
0.36.0
0.37.0
0.37.1
0.37.2
0.38.0
0.38.1

1.*

1.0.0
1.0.1