CVE-2021-42250: Improper Encoding or Escaping of Output in Apache Superset

May 24, 2022 (updated November 18, 2024)

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

References

github.com/advisories/GHSA-5fp8-c45m-256p
github.com/apache/superset
github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-435.yaml
lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9
nvd.nist.gov/vuln/detail/CVE-2021-42250

Code Behaviors & Features

Detect and mitigate CVE-2021-42250 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →