Lucene search
GoogleOSV:CVE-2023-46104HistoryDec 19, 2023 - 10:15 a.m.
CVE-2023-46104
2023-12-1910:15:07
Google
osv.dev
7
apache superset
uncontrolled resource consumption
malicious zip upload
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.9%
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
Related
veracode
veracode
Denial Of Service (DoS)
2023-12-20 09:48:38
osv
osv
Apache Superset uncontrolled resource consumption
2023-12-19 12:30:19
cve
cve
CVE-2023-46104
2023-12-19 10:15:07
CVE-2024-23952
2024-02-14 12:15:47
prion
prion
Code injection
2023-12-19 10:15:00
Code injection
2024-02-14 12:15:00
nvd
nvd
CVE-2023-46104
2023-12-19 10:15:07
CVE-2024-23952
2024-02-14 12:15:47
cvelist
cvelist
github
github
Apache Superset uncontrolled resource consumption
2023-12-19 12:30:19
Duplicate Advisory: Apache Superset uncontrolled resource consumption
2024-05-30 20:53:33
vulnrichment
vulnrichment
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.9%
Related for OSV:CVE-2023-46104