CVE-2018-8021
CVE-2018-8021
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Affected products
unspecified · Supersetpublic PoCs found — 3
githubgithub.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021★ 105cve_referencewww.exploit-db.com/exploits/45933/unverifiedexploitdbwww.exploit-db.com/exploits/45933unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →