Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
References
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 14:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 17:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/12/19/1 - Mailing List | |
References | () https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl - Vendor Advisory | |
CPE | cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Apache
Apache superset |
19 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-19 10:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-46104
Mitre link : CVE-2023-46104
CVE.ORG link : CVE-2023-46104
JSON object : View
Products Affected
apache
- superset
CWE
CWE-400
Uncontrolled Resource Consumption