CVE-2023-37941

Deserialization of Untrusted Data in pypi/superset

Identifiers

CVE-2023-37941

Package Slug

pypi/superset

Vulnerability

Deserialization of Untrusted Data

Description

If an attacker gains write access to the Apache Superset metadata database, they could persist a specially crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.

Affected Versions

All versions starting from 1.5.0 up to and including 2.1.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-09-14
