CVE-2021-28125

URL Redirection to Untrusted Site (Open Redirect) in pypi/superset

Identifier

CVE-2021-28125

Package Slug

pypi/superset

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

Apache Superset allowed the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality allowed a malicious user to create a short URL for a dashboard that a user could be convinced to click.

Affected Versions

All versions up to 1.0.1

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2021-05-10
