Posted to announce@apache.org by Daniel Gaspar <dp...@apache.org> on 2021/11/17 14:59:19 UTC

CVE-2021-42250: Apache Superset: Possible log injection

Description:

Improper output neutralization for logs. A specific Apache Superset HTTP endpoint allowed an authenticated user to forge log entries or inject malicious content into logs.

Mitigation:

Upgrade to Apache Superset 1.3.2 or higher

Credit:

Found and reported by Duxiaoman Financial Security Team
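
Added example, not part of the advisory and not Superset's code or its fix: a Python logging formatter that neutralizes line breaks and control characters in the rendered message, shown beside the default formatter to illustrate the weakness class named in the description. The log format, the sample value and the names neutralize, OneLineFormatter and render are assumptions made for illustration.

```python
import logging


def neutralize(value: object) -> str:
    """Escape CR/LF and other control characters so the value stays on one line."""
    out = []
    for ch in str(value):
        code = ord(ch)
        if ch == "\\":
            out.append("\\\\")  # escape the escape character so output is unambiguous
        elif ch < " " or ch == "\x7f" or ch in "\x85\u2028\u2029":
            out.append("\\x%02x" % code if code < 0x100 else "\\u%04x" % code)
        else:
            out.append(ch)
    return "".join(out)


class OneLineFormatter(logging.Formatter):
    """Neutralize the interpolated message so one record is always one line."""

    def format(self, record: logging.LogRecord) -> str:
        # Work on a copy so other handlers still see the original record.
        safe = logging.makeLogRecord(record.__dict__)
        safe.msg, safe.args = neutralize(record.getMessage()), None
        return super().format(safe)


FMT = "%(asctime)s %(levelname)s %(message)s"  # assumed log layout
PLAIN = logging.Formatter(FMT)
SAFE = OneLineFormatter(FMT)

# Constructed input: a request value carrying a line break and a fake entry.
FORGED = "alice\n2021-11-17 14:59:19,000 INFO login succeeded for user=admin"


def render(formatter: logging.Formatter, username: str) -> str:
    """Format one record that interpolates a user-controlled value."""
    record = logging.LogRecord("app", logging.INFO, "example.py", 0,
                               "login failed for user=%s", (username,), None)
    return formatter.format(record)


if __name__ == "__main__":
    print(render(PLAIN, FORGED))  # two lines; the second looks like a real entry
    print(render(SAFE, FORGED))   # one line; the break is visible as an escape
```

Installing the formatter on each handler covers every call site, including ones that log request data nobody thought to sanitize individually.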