CVE-2022-43718

MEDIUM5.4EPSS 0.50%

Apache Superset is vulnerable to Cross-Site Scripting (XSS)

發布日:2023/1/16修改日:2025/4/7

也稱為:GHSA-79x5-cv79-49rjBIT-superset-2022-43718

描述

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

受影響套件(2)

Bitnami/supersetfrom 0, < 1.5.3, >= 2.0.0, < 2.0.1
PyPI/apache-supersetfrom 0, <= 1.5.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43718
PATCHhttps://github.com/apache/superset
WEBhttps://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r