CVE-2023-42504

Опубликовано: 28 нояб. 2023

Источник: nvd

CVSS3: 5.8

CVSS3: 6.5

EPSS Низкий

Описание

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.

This issue affects Apache Superset: before 3.0.0

Ссылки

http://www.openwall.com/lists/oss-security/2023/11/28/6
Mailing List
Third Party Advisory
https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/11/28/6
Mailing List
Third Party Advisory
https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 42%

0.00201

Низкий

5.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-3hp7-4qq4-v5c6

CVSS3: 6.5

github

около 2 лет назад

Apache Superset Allocation of Resources Without Limits or Throttling vulnerability

EPSS

Процентиль: 42%

0.00201

Низкий

5.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770