Описание
This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.3 (исключая)Версия от 3.0.0 (включая) до 3.0.2 (исключая)
Одно из
cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01378
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-400
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
Duplicate Advisory: Apache Superset uncontrolled resource consumption
EPSS
Процентиль: 80%
0.01378
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-400
NVD-CWE-noinfo