CVE-2023-42504

Severity
6.5 MEDIUM
EPSS
0.2%
top 56.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 28

Description

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset before 3.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.3 | Impact: 4.0

Affected Packages: 3 packages

Vulnerability Details (3)

CVEList
Apache Superset: Lack of rate limiting allows for possible denial of service (2023-11-28)
OSV
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability (2023-11-28)
GHSA
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability (2023-11-28)