Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Superset by unspecified
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from nvd – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
VLAI
EPSS
VEX
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity
No CVSS data available.
CWE
- RCE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45933/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/apache/incubator-superset/pull/4243 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Superset |
Affected:
prior to 0.23
|
Date Public
2018-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from cvelistv5 – Published: 2018-11-07 14:00 – Updated: 2024-08-05 06:46
VLAI
EPSS
VEX
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity
No CVSS data available.
CWE
- RCE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45933/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/apache/incubator-superset/pull/4243 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Superset |
Affected:
prior to 0.23
|
Date Public
2018-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}