CVE-2021-37839
Apache Superset allows authenticated users to access metadata they have no permission to
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.34%
Description
Apache Superset up to 1.5.1 allowed authenticated users to access metadata related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
How to fix CVE-2021-37839
To remediate CVE-2021-37839, upgrade the affected package to one of the fixed versions listed below.
- Upgrade to 1.5.2 or later
- Upgrade to 1.5.1 or later
Is CVE-2021-37839 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.5.2
- from 0, < 1.5.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |