
=====================================================================

                                  CERT-Renater

                      Information Note No. 2021/VULN615
_____________________________________________________________________

DATE                : 18/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Apache Superset versions prior to
                      1.3.2.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202111.mbox/%3ca4c1cc16-f567-6634-a952-10a946b92a68@apache.org%3e
_____________________________________________________________________

CVE-2021-42250: Apache Superset: Possible log injection
Date: Wed, 17 Nov 2021 14:59:19 GMT

Description:

Improper output neutralization for Logs. A specific Apache Superset HTTP
endpoint allowed for an authenticated user to forge log entries or
inject malicious content into logs.


Mitigation:

Upgrade to Apache Superset 1.3.2 or higher


Credit:

Found and reported by Duxiaoman Financial Security Team
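

Illustration (added example, not code from Apache Superset or from the
advisory above; the advisory does not identify the affected endpoint and this
does not reproduce it). It shows the class of flaw named in the description,
improper output neutralization for logs, and one way to neutralize it with a
Python logging filter. The logger name, message format and sample username are
constructed for the illustration.

```python
import io
import logging
import re

# CR, LF and other C0 controls, DEL, NEL, and the Unicode line/paragraph separators.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")

# Constructed sample input: a username carrying a newline and a fake second entry.
FORGED = "bob\nINFO demo.audit login succeeded for user=admin"


def neutralize(value):
    """Return str(value) with every control character as a visible escape."""
    return CONTROL_CHARS.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), str(value)
    )


class NeutralizingFilter(logging.Filter):
    """Escape control characters in the fully formatted message of each record."""

    def filter(self, record):
        record.msg = neutralize(record.getMessage())
        record.args = None  # message is already formatted; nothing left to merge
        return True


def render(username, hardened):
    """Log one constructed event and return the text that reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s %(message)s"))
    if hardened:
        handler.addFilter(NeutralizingFilter())
    logger = logging.getLogger("demo.audit")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("login failed for user=%s", username)
    return sink.getvalue()


if __name__ == "__main__":
    print("without neutralization:\n" + render(FORGED, hardened=False))
    print("with neutralization:\n" + render(FORGED, hardened=True))
```

Tracebacks attached through exc_info are appended by the formatter after the
filter runs, so they keep their line breaks; only the message text and its
arguments are escaped.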




=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


