CVE-2021-28125

Summary

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SupersetApache Superset <= 1.0.1affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Workarounds

https://github.com/apache/superset/pull/13461

ADP Enrichment

CVE Program Container

Additional References

References