Apache · Apache Superset · CVE-2023-25504
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions up to and including 2.0.1
**Description**
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed.
**Recommendations**
For Apache Superset versions up to and including 2.0.1, consider disabling the import dataset feature as a temporary workaround until a patch is available. Restrict access to internal resources to minimize the risk of exploitation.