Vulnerability in Unspecified Superset

CVE-2018-8021

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Fo…

EPSS: 0.643 (98.5th percentile).

Frequently asked questions

What is CVE-2018-8021?
CVE-2018-8021 is a vulnerability in Unspecified Superset. Published 2018-11-07.

Is CVE-2018-8021 known to be exploited?
10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.