Apache Superset Remote Code Execution Vulnerability (CVE-2020-13948)
Sep 27, 2020 GMT+08:00
Apache recently released a security notice disclosing a code execution vulnerability (CVE-2020-13948) in Apache Superset. An authenticated user can craft requests that result in remote code execution.
If you are an Apache Superset user, check your version and apply security hardening promptly.
For more information about this vulnerability, visit the following website:
(Severity: low, moderate, important, and critical)
III. Affected Products
Apache Superset versions earlier than 0.37.1
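A version check for the affected range stated above, as an added example that is not part of the original notice. It assumes Superset was installed with pip under the distribution name `apache-superset` or `superset`, and it conservatively treats pre-release builds of 0.37.1 (such as `0.37.1rc1`) as affected.

```python
import re
from importlib import metadata

# From the notice: versions earlier than 0.37.1 are affected.
FIXED = (0, 37, 1)
# Assumption: pip distribution names under which Superset may be installed.
DIST_NAMES = ("apache-superset", "superset")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for strings like '0.37.1rc2'."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    release = tuple(int(p or 0) for p in m.group(1, 2, 3))
    suffix = m.group(4).strip().lower()
    # rc/alpha/beta/dev builds sort before the final release of the same number.
    is_pre = bool(re.match(r"[-_.]?(a|b|rc|alpha|beta|dev|pre)", suffix))
    return release, is_pre


def is_affected(version_text):
    """True when the version falls in the range 'earlier than 0.37.1'."""
    release, is_pre = parse_version(version_text)
    if release != FIXED:
        return release < FIXED
    # Same release number as the fix: only a pre-release build predates it.
    return is_pre


def installed_superset_version():
    """Return the installed Superset version string, or None if not installed."""
    for name in DIST_NAMES:
        try:
            return metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
    return None


if __name__ == "__main__":
    found = installed_superset_version()
    if found is None:
        print("Superset not found in this Python environment")
    else:
        state = "AFFECTED, upgrade" if is_affected(found) else "not in affected range"
        print(f"Superset {found}: {state}")
```

Run it with the same Python interpreter (virtualenv or container image) that serves Superset, since the check only sees packages installed in that environment.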
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official releases. If your version falls into the affected range, upgrade it to a secure version.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.