Re: CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

Open Source Security

Posted by Solar Designer on Feb 14

Hi Daniel,

This looks like misuse of CVE, and it only made things worse. Now you
need not only to update the original CVE’s description, but also get
this new CVE formally REJECT’ed as duplicate. You might need assistance
from others at Apache to get this right.

Here’s the previous report with CVE-2023-46104:

https://www.openwall.com/lists/oss-security/2023/12/19/1

Looks like the only thing that changed is "before…