oss-sec mailing list archives
CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)
From: Daniel Gaspar <dpgaspar () apache org>
Date: Wed, 14 Feb 2024 11:03:06 +0000
Affected versions: - Apache Superset before 2.1.3 - Apache Superset 3.0.0 before 3.0.2 Description: This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. Credit: Dor Konis – GE Vernova (finder) References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2024-23952
Current thread:
- CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) Daniel Gaspar (Feb 14)