Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
High severity
GitHub Reviewed
Published
Jan 16, 2023
to the GitHub Advisory Database
•
Updated Jan 24, 2023
Description
Published by the National Vulnerability Database
Jan 16, 2023
Published to the GitHub Advisory Database
Jan 16, 2023
Reviewed
Jan 20, 2023
Last updated
Jan 24, 2023
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References