Vulnerability Database

299,759

Total vulnerabilities in the database

CVE-2021-37839

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Published: Jul 6, 2022
Updated: May 9, 2024
CVE: CVE-2021-37839
GHSA: GHSA-748r-5r8q-273m
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-273

Affected Software
References

Software	From	Fixed in
apache / superset	-	1.5.1.x
apache-superset	-	1.5.1

https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503
https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo