Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-28125

UNKNOWN
Published 2021-04-27T09:27:22
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-28125. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Superset

Affected Versions:

Apache Superset

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Open Redirect in Apache Superset

GHSA-pfwg-rxf4-97c3

Advisory Details

Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Affected Packages

PyPI superset
ECOSYSTEM: ≥0 ≤0.34.0
PyPI apache-superset
ECOSYSTEM: ≥0 <1.1.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-28125
WEB https://github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029
ADVISORY https://github.com/advisories/GHSA-pfwg-rxf4-97c3
PACKAGE https://github.com/apache/superset
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml
WEB https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
WEB https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E
WEB http://www.openwall.com/lists/oss-security/2021/04/27/2

Advisory provided by GitHub Security Advisory Database. Published: October 6, 2021, Modified: June 1, 2022

References

https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/04/27/2
Published: 2021-04-27T09:27:22
Last Modified: 2024-08-03T21:33:17.571Z
Copied to clipboard!