CVE-2023-23952
Published 2023-06-01
CVE-2023-23952: Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
Priority P261 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.35% (68.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | advanced_secure_gateway | < 7.3.13.1 | 7.3.13.1 |
| broadcom | content_analysis | < 3.1.6.0 | 3.1.6.0 |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa · 6.5 MEDIUM
GHSA
Duplicate Advisory: Apache Superset uncontrolled resource consumption
ghsa·2024-05-30·CVSS 6.5
CVE-2024-23952 [MEDIUM] CWE-400 Duplicate Advisory: Apache Superset uncontrolled resource consumption
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of CVE-2023-46104. This link is maintained to preserve external references.
## Original Description
With correct CVE version ranges for affected Apache Superset.
Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
GHSA
GHSA-gjqm-p585-r974: Advanced Secure Gateway and Content Analysis, prior to 7
ghsa_unreviewed·2023-06-01
CVE-2023-23952 [CRITICAL] CWE-77 GHSA-gjqm-p585-r974: Advanced Secure Gateway and Content Analysis, prior to 7
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-06-01