CVE-2021-28125: URL Redirection to Untrusted Site (Open Redirect)

April 27, 2021 (updated November 7, 2023)

Apache Superset allows for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

References

nvd.nist.gov/vuln/detail/CVE-2021-28125

Code Behaviors & Features

Detect and mitigate CVE-2021-28125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →