Homepage
About Snyk

Information Exposure Affecting apache-superset package, versions [,2.1.1)

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.06% (29th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-APACHESUPERSET-5904205
  • published 17 Sep 2023
  • disclosed 6 Sep 2023
  • credit Miguel Segovia Gil
Report a new vulnerability Found a mistake?

Introduced: 6 Sep 2023

CVE-2023-39264 Open this link in a new tab
CWE-209 Open this link in a new tab

How to fix?

Upgrade apache-superset to version 2.1.1 or higher.

Overview

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Information Exposure such that by default, stack traces for errors are enabled, which results in the exposure of internal traces on REST API endpoints to users.

CVSS Scores

version 3.1
Expand this section

Snyk

4.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

4.3 medium