Page 9 of 42 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab En Apache Incubator Superset versiones anteriores a 0.32, un usuario puede visualizar los nombres de las bases de datos a los que no tiene acceso en una lista desplegable en SQLLab. • https://lists.apache.org/thread.html/396034aabe08dd349ff44eb062c718aadcf1b4e86f6372c7d5e988c0%40%3Cdev.superset.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 93%CPEs: 1EXPL: 2

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. Las versiones anteriores a la 0.23 de Superset empleaban un método inseguro de carga de la biblioteca pickle para deserializar datos, lo que conduce a una posible ejecución remota de código. Nota: Superset 0.23 se lanzó antes que cualquier distribución de Superset bajo la Apache Software Foundation. Apache Superset version 0.23 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/45933 https://github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021 https://github.com/apache/incubator-superset/pull/4243 • CWE-502: Deserialization of Untrusted Data •