You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:23:12 UTC

CVE-2022-43720: Apache Superset: Improper rendering of user input

Severity: low

Description:

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Credit:

Positive Technologies (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-43720