PT-2023-28919 · Apache · Apache Superset

Nick Barnes · Published 2023-11-27 · Updated 2025-02-05 · CVE-2023-43701

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2

Description: The issue is caused by improper payload validation and an improper REST API response type. An authenticated malicious actor can therefore store malicious code in a chart's metadata; the code is executed when a user accesses a specific deprecated API endpoint.

Recommendations: For Apache Superset versions prior to 2.1.2, upgrade to version 2.1.2 to fix the issue. As a temporary workaround, consider restricting access to the deprecated API endpoint until the upgrade is applied.

Fix

Weakness Enumeration: XSS

Related Identifiers:
BIT-SUPERSET-2023-43701
CVE-2023-43701
GHSA-WQ8Q-99P5-XFRW

Affected Products: Apache Superset