CVE-2021-32609

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pypi/apache-superset

Identifiers

CVE-2021-32609

Package Slug

pypi/apache-superset

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Apache Superset up to and including does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.

Affected Versions

All versions up to 1.1

Solution

Upgrade to version 1.2.0 or above.

Last Modified

2021-10-25
