Vulnerabilites related to unspecified - Superset
CVE-2018-8021 (GCVE-0-2018-8021)
Vulnerability from cvelistv5
Published
2018-11-07 14:00
Modified
2024-08-05 06:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- RCE
Summary
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | Superset |
Version: prior to 0.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Superset",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "prior to 0.23"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "45933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Superset",
"version": {
"version_data": [
{
"version_value": "prior to 0.23"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8021",
"datePublished": "2018-11-07T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:46:11.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}