← voltar
CVE-2021-28125

Apache Superset Open Redirect

EPSS 63.8%CWE-601
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
Produtos afetados
Apache Software Foundation · Apache Superset

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/04/27/2