Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2.
Users are recommended to upgrade to version 2.1.2, which fixes this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-11-27T10:52:09.754Z
Updated: 2024-08-02T19:44:43.832Z
Reserved: 2023-09-21T11:46:12.851Z
Link: CVE-2023-43701
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-27T11:15:07.950
Modified: 2024-11-21T08:24:36.127
Link: CVE-2023-43701
Redhat
No data.