Vulnerabilities > CVE-2023-46104 - Unspecified vulnerability in Apache Superset
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2023/12/19/1
- http://www.openwall.com/lists/oss-security/2023/12/19/1
- http://www.openwall.com/lists/oss-security/2024/02/14/2
- http://www.openwall.com/lists/oss-security/2024/02/14/2
- http://www.openwall.com/lists/oss-security/2024/02/14/3
- http://www.openwall.com/lists/oss-security/2024/02/14/3
- https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl
- https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl