CVE-2021-28125

URL Redirection to Untrusted Site (Open Redirect) in pypi/apache-superset

Identifiers

CVE-2021-28125

Package Slug

pypi/apache-superset

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

Apache Superset allows the creation of an external URL that could be malicious. Because the URL shortener functionality does not check user input for open redirects, a malicious user could create a short URL for a dashboard that could convince a user to click the link.
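
One way a URL shortener can check a submitted target before storing it, shown as an added example: this is not Superset's code or the fix shipped in 1.1.0. The function name, the `trusted_host` parameter and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_shortener_target(target: str, trusted_host: str) -> bool:
    """Return True only if `target` stays on `trusted_host` (hypothetical deployment host)."""
    if not target or target != target.strip():
        return False
    # Browsers normalise backslashes and control characters differently from
    # urlsplit, so refuse them instead of guessing how they will be read.
    if "\\" in target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a rooted path. "//host/..." never
        # reaches this branch because urlsplit reports a netloc for it.
        return target.startswith("/")
    if parts.scheme not in ALLOWED_SCHEMES:
        return False  # also rejects scheme-relative "//host" (empty scheme)
    # .hostname drops userinfo and port, so "trusted@other-host" is compared
    # on the host the browser would actually contact.
    return (parts.hostname or "").lower() == trusted_host.lower()


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "/superset/dashboard/1/",
    "https://superset.example.com/superset/dashboard/1/",
    "https://external.example.net/login",
    "//external.example.net/login",
    "https://superset.example.com@external.example.net/",
    "/\\external.example.net",
    "javascript:alert(1)",
]


def classify(samples=SAMPLES, trusted_host="superset.example.com"):
    """Map each sample target to whether the shortener should accept it."""
    return {s: is_safe_shortener_target(s, trusted_host) for s in samples}


if __name__ == "__main__":
    for url, ok in classify().items():
        print("accept" if ok else "reject", url)
```

The check belongs where the short URL is created and again where it is resolved, so that entries stored before the check existed are not followed.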

Affected Versions

All versions up to 1.0.1

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2021-05-10
