CVE-2018-8021

Опубликовано: 07 нояб. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

Ссылки

https://github.com/apache/incubator-superset/pull/4243
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/45933/
Exploit
Third Party Advisory
VDB Entry
https://github.com/apache/incubator-superset/pull/4243
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/45933/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Версия до 0.23 (исключая)

EPSS

Процентиль: 99%

0.78272

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-vxp9-wv2f-wqmw