CVE-2023-42504: Allocation of Resources Without Limits or Throttling

November 28, 2023 (updated December 4, 2023)

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.

This issue affects Apache Superset: before 3.0.0

References

www.openwall.com/lists/oss-security/2023/11/28/6
github.com/advisories/GHSA-3hp7-4qq4-v5c6
lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
nvd.nist.gov/vuln/detail/CVE-2023-42504

Detect and mitigate CVE-2023-42504 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →