CVE-2021-28125

CWE-601 — Open Redirect5 documents4 sources

Severity

6.1MEDIUM

EPSS

4.9%

top 10.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Superset Apache Superset

Timeline

PublishedApr 27

Latest updateOct 6

Description

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶PyPIapache-superset< 1.1.0

▶NVDapache/superset1.0.1

▶CVEListV5apache_software_foundation/apache_supersetApache Superset — 1.0.1

▶PyPIsuperset0.34.0

🔴Vulnerability Details

GHSA

Open Redirect in Apache Superset↗2021-10-06

▶

OSV

Open Redirect in Apache Superset↗2021-10-06

▶

CVEList

Apache Superset Open Redirect↗2021-04-27

▶

OSV

CVE-2021-28125: Apache Superset up to and including 1↗2021-04-27

▶