CVE-2021-42250

Published: Nov 17, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

Affected (1)

Products: Apache: Superset

Apache

1 product

Superset

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Superset	Before 1.3.2

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CWE-117

Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

References (4)

http://www.openwall.com/lists/oss-security/2021/11/17/2

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2021/11/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.