Lucene search
ApacheCVELIST:CVE-2021-28125HistoryApr 27, 2021 - 9:27 a.m.
CVE-2021-28125 Apache Superset Open Redirect
2021-04-2709:27:22
CWE-601
apache
www.cve.org
11
apache superset
open redirect
external url
malicious user
dashboard
EPSS
0.004
Percentile
74.8%
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
CNA Affected
[
{
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "Apache Superset",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-28125
2021-04-27 10:15:09
Open Redirect in Apache Superset
2021-10-06 17:47:53
PYSEC-2021-128
2021-04-27 10:15:00
veracode
veracode
Open Redirection
2021-04-29 18:32:31
prion
prion
Open redirect
2021-04-27 10:15:00
github
github
Open Redirect in Apache Superset
2021-10-06 17:47:53
nvd
nvd
CVE-2021-28125
2021-04-27 10:15:09
cve
cve
CVE-2021-28125
2021-04-27 10:15:09