Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 17 Nov 2021 14:59:19 +0000
From: Daniel Gaspar <>
Subject: CVE-2021-42250: Apache Superset: Possible log injection 


Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.


Upgrade to Apache Superset 1.3.2 or higher


Found and reported by Duxiaoman Financial Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.