Lucene search
HistoryDec 19, 2023 - 10:15 a.m.
CVE-2023-46104
apache superset
vulnerability
resource consumption
zip upload
authenticated attacker
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.9%
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
Affected configurations
Node
apachesupersetRange<2.1.3
ORapachesupersetRange3.0.0–3.0.1
Related
veracode
veracode
Denial Of Service (DoS)
2023-12-20 09:48:38
osv
osv
Apache Superset uncontrolled resource consumption
2023-12-19 12:30:19
CVE-2023-46104
2023-12-19 10:15:07
cve
cve
CVE-2023-46104
2023-12-19 10:15:07
CVE-2024-23952
2024-02-14 12:15:47
prion
prion
Code injection
2023-12-19 10:15:00
Code injection
2024-02-14 12:15:00
cvelist
cvelist
github
github
Apache Superset uncontrolled resource consumption
2023-12-19 12:30:19
Duplicate Advisory: Apache Superset uncontrolled resource consumption
2024-05-30 20:53:33
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-23952
2024-02-14 12:15:47
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.9%
Related for NVD:CVE-2023-46104