Open Redirect in Apache Software Foundation Superset
CVE-2021-28125
Apache Superset up to and including 1.0.1 allowed the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality would allow a malicious user to create a short…
Vulnerability class: Open Redirect
EPSS: 0.638 (99.1th percentile)
Affected products
- Apache Software Foundation Superset — versions Apache Superset
Weakness classification (CWE)
References
- lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b3275422666… (x_refsource_MISC)
- [oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect (mailing-list, x_refsource_MLIST)