Posted to commits@superset.apache.org by dp...@apache.org on 2023/12/20 03:39:46 UTC

(superset) branch master updated: docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)

This is an automated email from the ASF dual-hosted git repository.

dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 8c32c6da16 docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)
8c32c6da16 is described below

commit 8c32c6da169afec312923e516850d90a69e78f46
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Dec 20 03:39:39 2023 +0000

    docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)
---
 docs/docs/security/cves.mdx | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
index ea6ac0b65b..6422dfd019 100644
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -4,15 +4,30 @@ hide_title: true
 sidebar_position: 2
 ---
 
+#### Version 3.0.2, 2.1.3
+
+| CVE            | Title                                                       |                   Affected |
+|:---------------|:------------------------------------------------------------|---------------------------:|
+| CVE-2023-46104 | Allows for uncontrolled resource consumption via a ZIP bomb | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49736 | SQL Injection on where_in JINJA macro                       | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49734 | Privilege Escalation Vulnerability                          | < 2.1.3, >= 3.0.0, < 3.0.2 |
+
+
 #### Version 3.0.0
 
 | CVE            | Title                                                                   | Affected |
 |:---------------|:------------------------------------------------------------------------|---------:|
 | CVE-2023-42502 | Open Redirect Vulnerability                                             |  < 3.0.0 |
-| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service             |  < 3.0.0 |
 | CVE-2023-42505 | Sensitive information disclosure on db connection details               |  < 3.0.0 |
 
 
+#### Version 2.1.3
+
+| CVE            | Title                                                                   | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service             |  < 2.1.3 |
+
+
 #### Version 2.1.2
 
 | CVE            | Title                                                                   | Affected |
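Review bot: The removed row for CVE-2023-42504 under "Version 3.0.0" (the `-| CVE-2023-42504 | Lack of rate limiting ...` line) drops the record that 3.0.0 shipped that fix; the new "Version 2.1.3" section only says `< 2.1.3`, which leaves a reader on 3.0.x with no line stating whether they are covered. Since the page's convention is one table per fixing release (the new "Version 3.0.2, 2.1.3" heading already handles a fix landing in two lines), either keep the row in both sections or list it once under a combined "Version 3.0.0, 2.1.3" heading with an affected range such as `< 2.1.3, >= 3.0.0, < 3.0.0` style notation consistent with the other entries. Two smaller points in the same hunk: the "Affected" values `< 2.1.3, >= 3.0.0, < 3.0.2` read as three independent constraints, so consider spelling out the two ranges (e.g. "< 2.1.3 and 3.0.0 to 3.0.1") for consistency with the single-range cells elsewhere; and the title "Privilege Escalation Vulnerability" for CVE-2023-49734 is noticeably less specific than its neighbours, which name the affected feature (ZIP upload, `where_in` Jinja macro), so a short phrase naming the affected component would help readers triage.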