English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2018-8021

Low
Low Medium High Critical
CVSS Score
Published: Nov 07, 2018
Last Modified: Nov 21, 2024
CWE: CWE-502

Vulnerability Description

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

Known Affected Software

64 configuration(s) from 1 vendor(s)

superset
Version:
0.13.1
CPE:
cpe:2.3:a:apache:superset:0.13.1:*:*:*:*:*:*:*
superset
Version:
0.8.6
CPE:
cpe:2.3:a:apache:superset:0.8.6:*:*:*:*:*:*:*
superset
Version:
0.17.2
CPE:
cpe:2.3:a:apache:superset:0.17.2:*:*:*:*:*:*:*
superset
Version:
0.14.0
CPE:
cpe:2.3:a:apache:superset:0.14.0:*:*:*:*:*:*:*
superset
Version:
0.8.4
CPE:
cpe:2.3:a:apache:superset:0.8.4:*:*:*:*:*:*:*
superset
Version:
0.15.4.1
CPE:
cpe:2.3:a:apache:superset:0.15.4.1:*:*:*:*:*:*:*
superset
Version:
0.13.2
CPE:
cpe:2.3:a:apache:superset:0.13.2:*:*:*:*:*:*:*
superset
Version:
0.7.0
CPE:
cpe:2.3:a:apache:superset:0.7.0:*:*:*:*:*:*:*
superset
Version:
0.18.0
CPE:
cpe:2.3:a:apache:superset:0.18.0:*:*:*:*:*:*:*
superset
Version:
0.14.1
CPE:
cpe:2.3:a:apache:superset:0.14.1:*:*:*:*:*:*:*
superset
Version:
0.8.8
CPE:
cpe:2.3:a:apache:superset:0.8.8:*:*:*:*:*:*:*
superset
Version:
0.13.0
CPE:
cpe:2.3:a:apache:superset:0.13.0:*:*:*:*:*:*:*
superset
Version:
0.17.5
CPE:
cpe:2.3:a:apache:superset:0.17.5:*:*:*:*:*:*:*
superset
Version:
0.18.2
CPE:
cpe:2.3:a:apache:superset:0.18.2:*:*:*:*:*:*:*
superset
Version:
0.8.5
CPE:
cpe:2.3:a:apache:superset:0.8.5:*:*:*:*:*:*:*
superset
Version:
0.8.7
CPE:
cpe:2.3:a:apache:superset:0.8.7:*:*:*:*:*:*:*
superset
Version:
0.9.1
CPE:
cpe:2.3:a:apache:superset:0.9.1:*:*:*:*:*:*:*
superset
Version:
0.2.0
CPE:
cpe:2.3:a:apache:superset:0.2.0:*:*:*:*:*:*:*
superset
Version:
0.15.1
CPE:
cpe:2.3:a:apache:superset:0.15.1:*:*:*:*:*:*:*
superset
Version:
0.21.2
CPE:
cpe:2.3:a:apache:superset:0.21.2:*:*:*:*:*:*:*
superset
Version:
0.15.3
CPE:
cpe:2.3:a:apache:superset:0.15.3:*:*:*:*:*:*:*
superset
Version:
0.6.1
CPE:
cpe:2.3:a:apache:superset:0.6.1:*:*:*:*:*:*:*
superset
Version:
0.16.1
CPE:
cpe:2.3:a:apache:superset:0.16.1:*:*:*:*:*:*:*
superset
Version:
0.18.3
CPE:
cpe:2.3:a:apache:superset:0.18.3:*:*:*:*:*:*:*
superset
Version:
0.20.0
CPE:
cpe:2.3:a:apache:superset:0.20.0:*:*:*:*:*:*:*
superset
Version:
0.15.4
CPE:
cpe:2.3:a:apache:superset:0.15.4:*:*:*:*:*:*:*
superset
Version:
0.8.0
CPE:
cpe:2.3:a:apache:superset:0.8.0:*:*:*:*:*:*:*
superset
Version:
0.21.0
CPE:
cpe:2.3:a:apache:superset:0.21.0:*:*:*:*:*:*:*
superset
Version:
0.18.4
CPE:
cpe:2.3:a:apache:superset:0.18.4:*:*:*:*:*:*:*
superset
Version:
0.20.5
CPE:
cpe:2.3:a:apache:superset:0.20.5:*:*:*:*:*:*:*
superset
Version:
0.20.6
CPE:
cpe:2.3:a:apache:superset:0.20.6:*:*:*:*:*:*:*
superset
Version:
0.8.9
CPE:
cpe:2.3:a:apache:superset:0.8.9:*:*:*:*:*:*:*
superset
Version:
0.15.0
CPE:
cpe:2.3:a:apache:superset:0.15.0:*:*:*:*:*:*:*
superset
Version:
0.12.0
CPE:
cpe:2.3:a:apache:superset:0.12.0:*:*:*:*:*:*:*
superset
Version:
0.5.2
CPE:
cpe:2.3:a:apache:superset:0.5.2:*:*:*:*:*:*:*
superset
Version:
0.8.2
CPE:
cpe:2.3:a:apache:superset:0.8.2:*:*:*:*:*:*:*
superset
Version:
0.20.1
CPE:
cpe:2.3:a:apache:superset:0.20.1:*:*:*:*:*:*:*
superset
Version:
0.5.1
CPE:
cpe:2.3:a:apache:superset:0.5.1:*:*:*:*:*:*:*
superset
Version:
0.2.1
CPE:
cpe:2.3:a:apache:superset:0.2.1:*:*:*:*:*:*:*
superset
Version:
0.11.0
CPE:
cpe:2.3:a:apache:superset:0.11.0:*:*:*:*:*:*:*
superset
Version:
0.10.0
CPE:
cpe:2.3:a:apache:superset:0.10.0:*:*:*:*:*:*:*
superset
Version:
0.17.4
CPE:
cpe:2.3:a:apache:superset:0.17.4:*:*:*:*:*:*:*
superset
Version:
0.8.3
CPE:
cpe:2.3:a:apache:superset:0.8.3:*:*:*:*:*:*:*
superset
Version:
0.21.1
CPE:
cpe:2.3:a:apache:superset:0.21.1:*:*:*:*:*:*:*
superset
Version:
0.17.3
CPE:
cpe:2.3:a:apache:superset:0.17.3:*:*:*:*:*:*:*
superset
Version:
0.17.0
CPE:
cpe:2.3:a:apache:superset:0.17.0:*:*:*:*:*:*:*
superset
Version:
0.5.3
CPE:
cpe:2.3:a:apache:superset:0.5.3:*:*:*:*:*:*:*
superset
Version:
0.20.3
CPE:
cpe:2.3:a:apache:superset:0.20.3:*:*:*:*:*:*:*
superset
Version:
0.20.4
CPE:
cpe:2.3:a:apache:superset:0.20.4:*:*:*:*:*:*:*
superset
Version:
0.18.5
CPE:
cpe:2.3:a:apache:superset:0.18.5:*:*:*:*:*:*:*
superset
Version:
0.16.0
CPE:
cpe:2.3:a:apache:superset:0.16.0:*:*:*:*:*:*:*
superset
Version:
0.20.2
CPE:
cpe:2.3:a:apache:superset:0.20.2:*:*:*:*:*:*:*
superset
Version:
0.9.0
CPE:
cpe:2.3:a:apache:superset:0.9.0:*:*:*:*:*:*:*
superset
Version:
0.17.1
CPE:
cpe:2.3:a:apache:superset:0.17.1:*:*:*:*:*:*:*
superset
Version:
0.19.1
CPE:
cpe:2.3:a:apache:superset:0.19.1:*:*:*:*:*:*:*
superset
Version:
0.4.0
CPE:
cpe:2.3:a:apache:superset:0.4.0:*:*:*:*:*:*:*
superset
Version:
0.22.1
CPE:
cpe:2.3:a:apache:superset:0.22.1:*:*:*:*:*:*:*
superset
Version:
0.8.1
CPE:
cpe:2.3:a:apache:superset:0.8.1:*:*:*:*:*:*:*
superset
Version:
0.6.0
CPE:
cpe:2.3:a:apache:superset:0.6.0:*:*:*:*:*:*:*
superset
Version:
0.19.0
CPE:
cpe:2.3:a:apache:superset:0.19.0:*:*:*:*:*:*:*
superset
Version:
0.15.2
CPE:
cpe:2.3:a:apache:superset:0.15.2:*:*:*:*:*:*:*
superset
Version:
0.22.0
CPE:
cpe:2.3:a:apache:superset:0.22.0:*:*:*:*:*:*:*
superset
Version:
0.17.6
CPE:
cpe:2.3:a:apache:superset:0.17.6:*:*:*:*:*:*:*
superset
Version:
0.5.0
CPE:
cpe:2.3:a:apache:superset:0.5.0:*:*:*:*:*:*:*
This vulnerability affects 64 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-502 Top 25 #15

Deserialization of Untrusted Data

Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Exploit Likelihood
Medium
Typical Severity
Medium
OWASP Top 10
A08:2021-Software/Data Integrity Failures
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
November 07, 2018

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record