CVE-2022-43720

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in pypi/apache-superset

Identifiers

CVE-2022-43720, GHSA-fpmr-qmgh-42x2

Package Slug

pypi/apache-superset

Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Description

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Versions

All versions up to 1.5.2, version 2.0.0

Solution

Upgrade to versions 1.5.3, 2.0.1 or above.

Last Modified

2023-01-23

source