CVE-2021-28125
Description
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality allowed a malicious user to create a short URL for a dashboard that could convince a user to click the link.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
4.916
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-28125 affects Python-superset 0.30.1 | Windows |
| CVE-2021-28125 is fixed in Python-apache-superset 1.1.0 | Windows |
| CVE-2021-28125 affects Python-superset for linux 0.30.1 | Linux |
| CVE-2021-28125 is fixed in Python-apache-superset for linux 1.1.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234