CVE-2023-37941 Information

Description

If an attacker gains write access to the Apache Superset metadata database they could persist a specifically crafted Python object that may lead to remote code execution on Superset’s web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.

Reference

https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h