CVE-2022-43717

MEDIUM 5.4 | EPSS 1.5%

Apache Superset vulnerable to Cross-site Scripting

Published: 2023/1/16 | Modified: 2025/2/5
Also known as: GHSA-9f88-wg5r-947j, BIT-superset-2022-43717

Description

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected packages (2)

CVSS score

Source | Version | Severity | Vector
osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)