Home > Vulnerability Database > CVE-2023-39265

Mend.io Vulnerability Database

CVE-2023-39265

Good to know:

Date: September 6, 2023

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Language: Python

Severity Score

3.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39265

Url: https://github.com/apache/superset

Url: https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy

Url: http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-39265

Severity Score

3.8

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version apache-superset - 2.1.1

Learn More

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39265

Good to know:

Date: September 6, 2023

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?