CVE-2022-43721

URL Redirection to Untrusted Site ('Open Redirect') in pypi/apache-superset

Identifiers

CVE-2022-43721, GHSA-fcg4-pm6h-9xx2

Package Slug

pypi/apache-superset

Vulnerability

URL Redirection to Untrusted Site ('Open Redirect')

Description

An authenticated attacker with the update datasets permission could change a dataset link to point to an untrusted site; users could then be redirected to that site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions, and version 2.0.0.

Affected Versions

All versions up to 1.5.2, version 2.0.0

Solution

Upgrade to versions 1.5.3, 2.0.1 or above.

Last Modified

2023-01-23
