CVE-2018-8021: Deserialization of Untrusted Data

November 7, 2018 (updated January 30, 2019)

Superset uses an unsafe load method from the pickle library to deserialize data leading to possible remote code execution.

References

nvd.nist.gov/vuln/detail/CVE-2018-8021
www.exploit-db.com/exploits/45933/

Detect and mitigate CVE-2018-8021 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →