CVE-2021-37839: Improper Check for Dropped Privileges

July 6, 2022 (updated July 14, 2022)

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

References

lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82
nvd.nist.gov/vuln/detail/CVE-2021-37839

Detect and mitigate CVE-2021-37839 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →