Posted to announce@apache.org by Daniel Gaspar <dp...@apache.org> on 2021/11/17 14:59:19 UTC
CVE-2021-42250: Apache Superset: Possible log injection
Description:
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed an authenticated user to forge log entries or inject malicious content into logs.
Mitigation:
Upgrade to Apache Superset 1.3.2 or higher
Credit:
Found and reported by Duxiaoman Financial Security Team
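
Added example (not part of the original advisory and not Superset's code): a sketch of output neutralization for logs in Python, the language Superset is written in, showing how an unescaped line break in a logged request value produces a second log line and how a logging filter keeps it on one line. The advisory does not name the endpoint or describe the fix, so the logger names, message format, the neutralize/NeutralizeFilter/render helpers and the sample value are all assumptions constructed for illustration.

```python
import io
import logging

# Constructed sample: a request value carrying a line break and a fake entry.
SAMPLE = "42\nINFO user admin logged in"

def neutralize(value):
    """Escape control characters so one logged value stays on one line."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")  # double backslashes so escapes stay unambiguous
        elif ord(ch) < 0x20 or ord(ch) == 0x7F or ch in "\u0085\u2028\u2029":
            # CR, LF, ESC, other C0 controls, DEL and Unicode line separators
            out.append(ch.encode("unicode_escape").decode("ascii"))
        else:
            out.append(ch)
    return "".join(out)

class NeutralizeFilter(logging.Filter):
    """Render the message with its arguments, then escape the whole result."""
    def filter(self, record):
        record.msg = neutralize(record.getMessage())
        record.args = None  # message is already rendered
        return True

def render(user_value, hardened):
    """Log one value through a hypothetical handler; return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if hardened:
        handler.addFilter(NeutralizeFilter())
    logger = logging.getLogger("demo.hardened" if hardened else "demo.plain")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("lookup failed for item %s", user_value)
    return stream.getvalue().splitlines()

if __name__ == "__main__":
    print(render(SAMPLE, hardened=False))  # two lines: the second one is forged
    print(render(SAMPLE, hardened=True))   # one line with a literal \n
```

Exception tracebacks are appended by the formatter after filters run, so this filter does not cover them.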