CVE-2021-42250

MEDIUM

Apache Superset - Info Disclosure

Title source: llm

Description

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/11/17/2

Scores

CVSS v3 6.5

EPSS 0.0055

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-116 CWE-117

Status published

Products (2)

apache/superset < 1.3.2

pypi/apache-superset 0 - 1.3.2PyPI

Published Nov 17, 2021

Tracked Since Feb 18, 2026