CVE-2022-43719

Cross-Site Request Forgery (CSRF) in pypi/apache-superset

Identifiers

CVE-2022-43719, GHSA-7222-r37x-8q3m

Package Slug

pypi/apache-superset

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

Two legacy REST API endpoints for approval and request access is vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Versions

All versions up to 1.5.2, version 2.0.0

Solution

Upgrade to versions 1.5.3, 2.0.1 or above.

Last Modified

2023-01-23

source