If an attacker gains write access to the Apache Superset
metadata database, they could persist a specially crafted Python
object that may lead to remote code execution on Superset's web
backend. The Superset metadata database is an 'internal' component that
is typically only accessible directly by the system administrator
and the Superset process itself. Gaining access to that database
should be difficult and require significant privileges. This
vulnerability impacts Apache Superset versions 1.5.0 up to and
including 2.1.0. Users are recommended to upgrade to version 2.1.1
or later. (CVSS: 6.6) (EPSS: 0.22%) (Last Update: 2023-10-13
16:15:11)
Read more https://www.cvedetails.com/cve/CVE-2023-37941/?utm_source=rssfeed