Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-11-07T14:00:00

Updated: 2024-08-05T06:46:11.477Z

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-8021

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-07T14:29:00.947

Modified: 2024-11-21T04:13:06.770

Link: CVE-2018-8021

cve-icon Redhat

No data.