An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Packages

PyPI apache-superset

Affected versions: 0 (last affected: 1.5.2)

PyPI apache-superset

Related CVEs

CVE-2022-43721

Key Information

GHSA ID

GHSA-fcg4-pm6h-9xx2

Published

January 16, 2023 12:30 PM

Last Modified

April 7, 2025 7:49 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-superset

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.