CVE-2023-36388

Server-Side Request Forgery (SSRF) in pypi/apache-superset

Identifiers

CVE-2023-36388, GHSA-4fg9-5w46-xmrj

Package Slug

pypi/apache-superset

Vulnerability

Server-Side Request Forgery (SSRF)

Description

An improper REST API permission in Apache Superset up to and including 2.1.0 allows authenticated Gamma users to test network connections, making SSRF possible.

Affected Versions

All versions up to 2.1.0

Solution

Upgrade to version 2.1.1 or above.

Last Modified

2023-09-11
