CVE-2024-53948: Apache Superset: Error verbosity exposes metadata in analytics databases

December 9, 2024 (updated February 11, 2025)

Generation of Error Message Containing analytics metadata Information in Apache Superset.

This issue affects Apache Superset: before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.

References

github.com/advisories/GHSA-2cx9-54hp-r698
github.com/apache/superset
github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c
lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf
nvd.nist.gov/vuln/detail/CVE-2024-53948

Code Behaviors & Features

Detect and mitigate CVE-2024-53948 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →