PT-2021-23566 · Apache · Apache Superset

Published

2021-11-17

Updated

2025-02-05

CVE-2021-42250

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Superset (affected versions not specified)

Description The issue concerns improper output neutralization for logs, allowing an authenticated user to forge log entries or inject malicious content into logs through a specific Apache Superset HTTP endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-117

Related Identifiers

BIT-SUPERSET-2021-42250

CVE-2021-42250

GHSA-5FP8-C45M-256P

PYSEC-2021-435

Affected Products

Apache Superset

PT-2021-23566 · Apache · Apache Superset

CVE-2021-42250

Weakness Enumeration

Related Identifiers

Affected Products

References · 12