CVE-2023-39264 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <=2.1.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00076 (percentile: 0.23481)
Details
Apache Superset may expose internal traces on REST API endpoints
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
Metadata
Created: 2023-09-06T15:30:26Z
Modified: 2023-09-08T12:18:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-cpvx-2365-466c/GHSA-cpvx-2365-466c.json
CWE IDs: ["CWE-209"]
Alternative ID: GHSA-cpvx-2365-466c
Finding: F037
Auto approve: 1