CVE-2023-39264
Apache Superset may expose internal traces on REST API endpoints
4.3
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
How to fix CVE-2023-39264
To remediate CVE-2023-39264, upgrade the affected package to a fixed version below.
- Bitnami/superset—upgrade to 2.1.1 or later
- —no fix listed
Is CVE-2023-39264 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.1
- from 0, <= 2.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |