2 vulnerabilities found for Superset by unspecified
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from cvelistv5 – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity ?
No CVSS data available.
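CWE
- RCE (free-text problem type; the record carries no CWE ID. Unsafe pickle deserialization is normally classified as CWE-502, Deserialization of Untrusted Data.)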
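Assigner
apache
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45933/ | exploit, x_refsource_EXPLOIT-DB |
| https://github.com/apache/incubator-superset/pull/4243 | x_refsource_MISC |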
Impacted products
| Vendor | Product | Version |
|---|---|---|
| unspecified | Superset | Affected: prior to 0.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from nvd – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity ?
No CVSS data available.
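CWE
- RCE (free-text problem type; the record carries no CWE ID. Unsafe pickle deserialization is normally classified as CWE-502, Deserialization of Untrusted Data.)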
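Assigner
apache
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45933/ | exploit, x_refsource_EXPLOIT-DB |
| https://github.com/apache/incubator-superset/pull/4243 | x_refsource_MISC |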
Impacted products
| Vendor | Product | Version |
|---|---|---|
| unspecified | Superset | Affected: prior to 0.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}