CVE-2021-42250

CWE-117, CWE-116 | 5 documents | 4 sources
Severity: 6.5 MEDIUM
EPSS: 0.7% (top 27.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 17
Latest update: May 24

Description

Improper output neutralization for logs. A specific Apache Superset HTTP endpoint allowed an authenticated user to forge log entries or inject malicious content into logs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: apache/superset < 1.3.2
PyPI: apache-superset < 1.3.2
CVEListV5: apache_software_foundation/apache_superset, Apache Superset 1.3.1

Vulnerability Details (4)

OSV: Improper Encoding or Escaping of Output in Apache Superset (2022-05-24)
GHSA: Improper Encoding or Escaping of Output in Apache Superset (2022-05-24)
CVEList: Possible log injection (2021-11-17)
OSV: CVE-2021-42250: Improper output neutralization for Logs (2021-11-17)