CVE-2021-28125
MEDIUM6.1EPSS 2.6%Apache Superset Open Redirect
發布日:2021/10/6修改日:2026/2/24
描述
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
受影響套件(4)
- Bitnami/supersetfrom 0, < 1.0.2
- PyPI/apache-supersetfrom 0, < 1.1.0
- PyPI/apache-supersetfrom 0, < 1.1.0
- PyPI/supersetfrom 0, <= 0.34.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(8)
- ADVISORYhttps://github.com/advisories/GHSA-pfwg-rxf4-97c3
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-28125
- PATCHhttps://github.com/apache/superset
- WEBhttps://github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml
- WEBhttps://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
- WEBhttp://www.openwall.com/lists/oss-security/2021/04/27/2