Access Restriction Bypass Affecting superset Open this link in a new tab package, versions [,0.23.0)
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-PYTHON-SUPERSET-2869106
-
published
12 Jun 2022
-
disclosed
12 Jun 2022
-
credit
john-bodley
How to fix?
Upgrade superset
to version 0.23.0 or higher.
Overview
superset is a Superset has moved to apache-superset, as of 0.34.0 onwards, please pip install apache-superset.
Affected versions of this package are vulnerable to Access Restriction Bypass where it is possible for all derived FAB UserModelView
views to be accessible for non-admin users.