CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

Open Source Security [[{„value“:“

Posted by Daniel Gaspar on Feb 14

Affected versions:

– Apache Superset before 2.1.3
– Apache Superset 3.0.0 before 3.0.2

Description:

This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import
database, dashboards or datasets.  
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert