CVE-2023-39264

Name of the Vulnerable Software and Affected Versions Apache Superset versions up to and including 2.1.0

Description The issue is related to stack traces for errors being enabled by default, resulting in the exposure of internal traces on REST API endpoints to users. This could potentially reveal sensitive information about the system's internal workings.

Recommendations For Apache Superset versions up to and including 2.1.0, consider disabling the default stack trace feature to prevent the exposure of internal traces on REST API endpoints. As a temporary workaround, restrict access to the REST API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.