| |
Vulnerability CVE-2023-37941
Published: 2023-09-06
| Description: |
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. |
Type:
CWE-502 (Deserialization of Untrusted Data)
References: |
https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
