Apache Superset uncontrolled resource consumption
Moderate severity
GitHub Reviewed
Published
Dec 19, 2023
to the GitHub Advisory Database
•
Updated Dec 19, 2023
Package
Affected versions
< 2.1.2
>= 3.0.0, < 3.0.1
Patched versions
2.1.2
3.0.1
Description
Published by the National Vulnerability Database
Dec 19, 2023
Published to the GitHub Advisory Database
Dec 19, 2023
Reviewed
Dec 19, 2023
Last updated
Dec 19, 2023
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
References