By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Affected Packages

PyPI apache-superset

Affected versions: 0 (last affected: 2.1.0)

Related CVEs

CVE-2023-39264

Key Information

GHSA ID

GHSA-cpvx-2365-466c

Published

September 6, 2023 3:30 PM

Last Modified

September 8, 2023 12:18 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-superset

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.