CVE-2021-28125

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
Configurations

Configuration 1

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Information

Published : 2021-04-27 10:15

Updated : 2021-05-07 05:57


NVD link : CVE-2021-28125

Mitre link : CVE-2021-28125

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')