QwikSec

Security Database

CVE

CWE

Training

CVE-2021-28125

Published: Apr 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Vendor	Product	Versions
Apache Software Foundation	Apache Superset	affected `Apache Superset - <= 1.0.1`

Weaknesses (CWE)

References

https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E

x_refsource_MISC

[superset-dev] 20210427 CVE-2021-28125: Apache Superset Open Redirect

mailing-list

x_refsource_MLIST

[oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.