CVE-2021-42250
MEDIUMApache Superset < 1.3.2 - Authenticated Log Forgery via HTTP Endpoint
Title source: llmDescription
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
References (2)
Core 2
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/11/17/2
Scores
CVSS v3
6.5
EPSS
0.0176
EPSS Percentile
75.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-116
CWE-117
Status
published
Products (2)
apache/superset
< 1.3.2
pypi/apache-superset
0 - 1.3.2PyPI
Published
Nov 17, 2021
Tracked Since
Feb 18, 2026