CVE-2021-42250

Summary

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SupersetApache Superset <= 1.3.1affected

Weaknesses

  • CWE-117: CWE-117 Improper Output Neutralization for Logs

Workarounds

Upgrade to Apache Superset 1.3.2 or higher

ADP Enrichment

CVE Program Container

Additional References

References