CVE-2021-37839

MEDIUM4.3EPSS 0.34%

Improper access to dataset metadata information

Published: 7/7/2022Modified: 2/24/2026

Description

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Affected packages (2)

Bitnami/supersetfrom 0, < 1.5.2
PyPI/apache-supersetfrom 0, < 1.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-37839
PATCHhttps://github.com/apache/superset
WEBhttps://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503
WEBhttps://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82