Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2018-11-07T14:00:00
Updated: 2024-08-05T06:46:11.477Z
Reserved: 2018-03-09T00:00:00
Link: CVE-2018-8021
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-07T14:29:00.947
Modified: 2024-11-21T04:13:06.770
Link: CVE-2018-8021
Redhat
No data.