oss-sec mailing list archives
CVE-2021-42250: Apache Superset: Possible log injection
From: Daniel Gaspar <dpgaspar () apache org>
Date: Wed, 17 Nov 2021 14:59:19 +0000
Description: Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

Mitigation: Upgrade to Apache Superset 1.3.2 or higher

Credit: Found and reported by Duxiaoman Financial Security Team