CVE-2022-43721, GHSA-fcg4-pm6h-9xx2
pypi/apache-superset
URL Redirection to Untrusted Site ('Open Redirect')
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
All versions up to 1.5.2, version 2.0.0
Upgrade to versions 1.5.3, 2.0.1 or above.
2023-01-23
source |