superset@0.18.4 vulnerabilities

Superset has moved to apache-superset; as of 0.34.0 onwards, please pip install apache-superset.

Direct Vulnerabilities

Known vulnerabilities in the superset package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity) / Vulnerable versions

  • Access Restriction Bypass (severity: M, medium)

Affected versions of this package are vulnerable to Access Restriction Bypass: all views derived from the FAB (Flask-AppBuilder) UserModelView are accessible to non-admin users.

How to fix Access Restriction Bypass?

Upgrade superset to version 0.23.0 or higher.

Vulnerable versions: [,0.23.0) (all versions before 0.23.0)
  • Cross-site Scripting (XSS) (severity: M, medium)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown library and the javascript link handler.

How to fix Cross-site Scripting (XSS)?

Upgrade superset to version 0.23.0 or higher.

Vulnerable versions: [,0.23.0) (all versions before 0.23.0)
  • Deserialization of Untrusted Data (severity: C, critical)

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The package uses the pickle library's unsafe load method to deserialize data, which can lead to remote code execution.

How to fix Deserialization of Untrusted Data?

Upgrade superset to version 0.23.0 or higher.

Vulnerable versions: [,0.23.0) (all versions before 0.23.0)
  • Open Redirect (severity: M, medium)

Affected versions of this package are vulnerable to Open Redirect. Because user input is insufficiently validated for open redirects, the URL shortener functionality allows a malicious user to create a short URL for a dashboard and convince a victim to click the link.

How to fix Open Redirect?

There is no fixed version for superset.

Vulnerable versions: [0,) (all versions)
  • Cross-site Scripting (XSS) (severity: H, high)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Injection of malicious JavaScript could be possible via the markup visualization (markup viz).

How to fix Cross-site Scripting (XSS)?

Upgrade superset to version 0.19.1 or higher.

Vulnerable versions: [,0.19.1) (all versions before 0.19.1)