Dario Castrogiovanni

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 1.1.0 Description: The issue allows for the creation of an external URL that could be malicious. By not checking user input for open redirects, the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link. Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the URL shortener functionality until a patch is available. Restrict access to the URL shortener module to minimize the risk of exploitation. Avoid using the URL shortener functionality for dashboards until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 0.38.0 Description: The issue allows a malicious user to inject javascript code, executing unwanted actions in the context of the user's browser, by creating a Markdown component on a Dashboard page. This is achieved by creating a "div" section and embedding in it an "svg" element with javascript code. The injected javascript code will be automatically executed when a legitimate user visits the dashboard page, resulting in a Stored XSS attack. Recommendations: For Apache Superset versions up to and including 0.38.0, consider disabling the Markdown component on Dashboard pages until a patch is available to prevent the injection of malicious javascript code. Restrict access to the Dashboard page to minimize the risk of exploitation. Avoid using the "div" section and "svg" element in the Markdown component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.