2 vulnerabilities found for Superset by unspecified
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from nvd – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity
No CVSS data available.
CWE
- RCE
Impacted products
| Vendor | Product | Version |
|---|---|---|
| unspecified | Superset | Affected: prior to 0.23 |
Date Public
2018-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from cvelistv5 – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity
No CVSS data available.
CWE
- RCE
Impacted products
| Vendor | Product | Version |
|---|---|---|
| unspecified | Superset | Affected: prior to 0.23 |
Date Public
2018-11-06 00:00