CVE-2023-37941

Deserialization of Untrusted Data in pypi/apache-superset

Identifiers

CVE-2023-37941, GHSA-fj4x-m62j-wvwg

Package Slug

pypi/apache-superset

Vulnerability

Deserialization of Untrusted Data

Description

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.

Affected Versions

All versions starting from 1.5.0 up to 2.1.0

Solution

Upgrade to version 2.1.1 or above.

Last Modified

2023-09-11

source