CVE-2022-43721: Apache Superset Open Redirect vulnerability

January 16, 2023 (updated April 7, 2025)

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

github.com/advisories/GHSA-fcg4-pm6h-9xx2
github.com/apache/superset
lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
nvd.nist.gov/vuln/detail/CVE-2022-43721

Code Behaviors & Features

Detect and mitigate CVE-2022-43721 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →