Security Advisory

CVE-2021-28125

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-27 09:27:22
Last updated 2024-08-03 21:33:17
Assigner apache
State PUBLISHED

Description

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.