PyPi: Apache-Superset

CVE-2019-10906

Transitive

Safety vulnerability ID: 45813

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 07, 2019 Updated at Dec 10, 2024
Scan your Python projects for vulnerabilities →

Advisory

Apache-superset 0.34.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.

Affected package

apache-superset

Latest version: 4.1.1

A modern, enterprise-ready business intelligence web application

Affected versions

Fixed versions

Vulnerability changelog

- [7997](https://github.com/apache/superset/pull/7997) Event logger config takes instance instead of class (#7997) (DiggidyDave)
- [8006](https://github.com/apache/superset/pull/8006) Local config no longer fails to import silently (#8006) (DiggidyDave)
- [8002](https://github.com/apache/superset/pull/8002) [SQLLab] Fix, database api unlimited page size v2 (#8002) (dpgaspar)
- [7999](https://github.com/apache/superset/pull/7999) Setup FOSSA as part of CI (#7999) (mistercrunch)
- [7949](https://github.com/apache/superset/pull/7949) Update to fix the broken blueprints link (#7949) (mmutiso)
- [7981](https://github.com/apache/superset/pull/7981) Fix Pandas 0.24 DateOffset bug pt. 2 (#7981) (villebro)
- [7993](https://github.com/apache/superset/pull/7993) [Jinja] Make Presto template functions backwards compatible (#7993) (etr2460)
- [7998](https://github.com/apache/superset/pull/7998) [fix] reduce content in sql lab localStorage (#7998) (graceguo-supercat)
- [7985](https://github.com/apache/superset/pull/7985) Fix #7984 (7985) (mistercrunch)
- [7986](https://github.com/apache/superset/pull/7986) Revert "Bump FAB to 2.1.8 (#7986)" (7996) (etr2460)
- [7987](https://github.com/apache/superset/pull/7987) Revert "[database] Fix, Removes the limit for the page size (#7987)" (7995) (etr2460)
- [7994](https://github.com/apache/superset/pull/7994) Bump nvd3 charts for tooltip fix (#7994) (etr2460)
- [7992](https://github.com/apache/superset/pull/7992) [init] Setting up cache before registering blueprints (#7992) (john-bodley)
- [7989](https://github.com/apache/superset/pull/7989) Bump superset-ui versions (#7989) (kristw)
- [7987](https://github.com/apache/superset/pull/7987) [database] Fix, Removes the limit for the page size (#7987) (dpgaspar)
- [7986](https://github.com/apache/superset/pull/7986) Bump FAB to 2.1.8 (#7986) (dpgaspar)
- [7988](https://github.com/apache/superset/pull/7988) [flake8] Ignoring I202 (#7988) (john-bodley)
- [7977](https://github.com/apache/superset/pull/7977) [DB Engine] Support old and new Presto syntax (#7977) (etr2460)
- [7952](https://github.com/apache/superset/pull/7952) [security] Adding docstrings and type hints (#7952) (john-bodley)
- [7963](https://github.com/apache/superset/pull/7963) Remove collation info from MSSQL column type (#7963) (villebro)
- [7973](https://github.com/apache/superset/pull/7973) Bump sqlparse to 0.3.0 (#7973) (villebro)
- [7975](https://github.com/apache/superset/pull/7975) Fix for new Pandas API (#7975) (betodealmeida)
- [7643](https://github.com/apache/superset/pull/7643) 7620: Start removing dependencies on requests (#7643) (sturmer)
- [7965](https://github.com/apache/superset/pull/7965) Bump python requirements file (#7965) (villebro)
- [7964](https://github.com/apache/superset/pull/7964) Use python3 for black to support py>=3.6 (#7964) (villebro)
- [7955](https://github.com/apache/superset/pull/7955) Fix createDatasource (#7955) (betodealmeida)
- [7858](https://github.com/apache/superset/pull/7858) [fix] Isolate and improve performance on tagging system (#7858) (betodealmeida)
- [7943](https://github.com/apache/superset/pull/7943) Update .travis.yml (#7943) (john-bodley)
- [7932](https://github.com/apache/superset/pull/7932) Bump nvd3 chart plugin (#7932) (etr2460)
- [7924](https://github.com/apache/superset/pull/7924) [fix] bug on FixedOrMetricControl component causing issues with deck.gl polygon height + deck.gl scatter radius controls (#7924) (thunter009)
- [7935](https://github.com/apache/superset/pull/7935) [feature flag] Enforce csrf protection on explore_json endpoint (#7935) (graceguo-supercat)
- [7940](https://github.com/apache/superset/pull/7940) fixing error related to install codecove in travis (#7940) (blcksrx)
- [7933](https://github.com/apache/superset/pull/7933) [revert] Partial revert of #7888 (7933) (john-bodley)
- [7918](https://github.com/apache/superset/pull/7918) [cli] New, command line option to create or set a db URI (#7918) (dpgaspar)
- [7926](https://github.com/apache/superset/pull/7926) Fix #7130 - SQL Lab table name autocomplete (7926) (mistercrunch)
- [7920](https://github.com/apache/superset/pull/7920) [log] Disable Log view when FAB security views are disabled (#7920) (dpgaspar)
- [7930](https://github.com/apache/superset/pull/7930) [sqllab] Fix, #7928 query async not working (7930) (dpgaspar)
- [7931](https://github.com/apache/superset/pull/7931) Fixing the build after travis upgraded Ubuntu (#7931) (mistercrunch)
- [7895](https://github.com/apache/superset/pull/7895) [dashboard] fix chart showing loading icon when filter updated immuned fields (#7895) (graceguo-supercat)
- [7864](https://github.com/apache/superset/pull/7864) [Profile] Fix 5xx when user not found (#7864) (etr2460)
- [7912](https://github.com/apache/superset/pull/7912) [sqllab] Fix limit parsing bug when using limit-offset comma notation (#7912) (villebro)
- [7896](https://github.com/apache/superset/pull/7896) [Bugfix] Remove prequery properties from query_obj (#7896) (villebro)
- [7892](https://github.com/apache/superset/pull/7892) Fix incorrect datasource_name in dashboard export (#7892) (smacker)
- [7894](https://github.com/apache/superset/pull/7894) Set owner to dashboards and charts on import (#7894) (smacker)
- [7665](https://github.com/apache/superset/pull/7665) [api] [database] New, migrate to new FAB API side by side (#7665) (dpgaspar)
- [7880](https://github.com/apache/superset/pull/7880) [migration] add unique constraint on dashboard_slices table (#7880) (graceguo-supercat)
- [7915](https://github.com/apache/superset/pull/7915) Bump nvd3 charts for responsive y axis fix (#7915) (etr2460)
- [7868](https://github.com/apache/superset/pull/7868) [SQL Lab] Fix TableSelector perf for large option sets (#7868) (etr2460)
- [7907](https://github.com/apache/superset/pull/7907) [Bugfix] Response header and response mismatch on explore result from sqllab (#7907) (arpit-agarwal)
- [7816](https://github.com/apache/superset/pull/7816) Add cache_key_wrapper to Jinja template processor (#7816) (villebro)
- [7898](https://github.com/apache/superset/pull/7898) [test] Fix test data remove slice_name (#7898) (graceguo-supercat)
- [7897](https://github.com/apache/superset/pull/7897) [fix] Adding space after -- for SQL comments (#7897) (john-bodley)
- [7744](https://github.com/apache/superset/pull/7744) Fix missing `gevent` extra dependency in Docker setup (#7744) (bmfs)
- [7888](https://github.com/apache/superset/pull/7888) [sqla] Adding check for invalid filter columns (#7888) (john-bodley)
- [7883](https://github.com/apache/superset/pull/7883) Sort dashboards exported json (#7883) (smacker)
- [7879](https://github.com/apache/superset/pull/7879) Remove unnecessary fields from dashboard exported json (#7879) (smacker)
- [7882](https://github.com/apache/superset/pull/7882) Corrected ISO codes on India Country Map (#7882) (TheLastSultan)
- [7881](https://github.com/apache/superset/pull/7881) [sql lab] improve TableElement controls (#7881) (mistercrunch)
- [7773](https://github.com/apache/superset/pull/7773) Improve examples & related tests (#7773) (mistercrunch)
- [7877](https://github.com/apache/superset/pull/7877) Avoid removing custom sql adhoc metric when columns change (#7877) (michellethomas)
- [7827](https://github.com/apache/superset/pull/7827) Fix docker configurations and docker installation guide. (#7827) (ali-bahjati)
- [7863](https://github.com/apache/superset/pull/7863) DruidEngineSpec: set allows_subquery to True (#7863) (michalmisiewicz)
- [7878](https://github.com/apache/superset/pull/7878) fix: add check to re-render only if underlying layers change (#7878) (thunter009)
- [7875](https://github.com/apache/superset/pull/7875) bug fix for all_database_access() call (#7875) (rahul-rahul-sp)
- [7872](https://github.com/apache/superset/pull/7872) [docs] Advise about celery 4.3.0 requirement on redis (#7872) (dpgaspar)
- [7853](https://github.com/apache/superset/pull/7853) [cypress] Disable chromeWebSecurity globally (#7853) (graceguo-supercat)
- [7852](https://github.com/apache/superset/pull/7852) Bump pandas to 0.24 (#7852) (villebro)
- [7866](https://github.com/apache/superset/pull/7866) [wip] fix: multi deck.gl bug fixes (pt 2) (#7866) (thunter009)
- [7867](https://github.com/apache/superset/pull/7867) Update tox.ini (#7867) (john-bodley)
- [7856](https://github.com/apache/superset/pull/7856) Adds the ability to replace/extend caching backend (#7856) (robdiciuccio)
- [7854](https://github.com/apache/superset/pull/7854) fix: multi deck.gl bug fixes (#7854) (thunter009)
- [7845](https://github.com/apache/superset/pull/7845) Make SHOW_STACKTRACE config apply across the board (#7845) (mistercrunch)
- [7848](https://github.com/apache/superset/pull/7848) [celery] Bump celery to 4.3.0 (#7848) (dpgaspar)
- [7850](https://github.com/apache/superset/pull/7850) Update down_revision to fix migrations (#7850) (1AB9502)
- [7843](https://github.com/apache/superset/pull/7843) Quick fix (#7843) (betodealmeida)
- [4725](https://github.com/apache/superset/pull/4725) Add "Published" feature to dashboards (#4725) (Tresdon)
- [7835](https://github.com/apache/superset/pull/7835) Update requirements.txt (#7835) (john-bodley)
- [7728](https://github.com/apache/superset/pull/7728) * hacky string coercion to fix bug in cli datasource export (#7728) (Aylr)
- [7717](https://github.com/apache/superset/pull/7717) Refactor testconn to use get_sqla_engine (#7717) (thoralf-gutierrez)
- [7837](https://github.com/apache/superset/pull/7837) Updating superset-ui/legacy-preset-chart-nvd3 to 0.10.35 (#7837) (michellethomas)
- [7830](https://github.com/apache/superset/pull/7830) Set up a few more pre-commit hook (#7830) (mistercrunch)
- [7705](https://github.com/apache/superset/pull/7705) [log] New, make action log configurable and generic (#7705) (dpgaspar)
- [7832](https://github.com/apache/superset/pull/7832) Bump FAB to 2.1.6 (#7832) (dpgaspar)
- [7817](https://github.com/apache/superset/pull/7817) Add missing 'babies.png' image (#7817) (mistercrunch)
- [7376](https://github.com/apache/superset/pull/7376) Fixing the examples (#7376) (mistercrunch)
- [7821](https://github.com/apache/superset/pull/7821) Add source{d} to user list in README.md (#7821) (marnovo)
- [7539](https://github.com/apache/superset/pull/7539) Improvements related to ASF release process (#7539) (mistercrunch)
- [7747](https://github.com/apache/superset/pull/7747) fix: unicode word cloud example (#7747) (mistercrunch)
- [7796](https://github.com/apache/superset/pull/7796) Added possibility to translate the phrase 'No results found' in FilterBox (#7796) (dserkowski)
- [7621](https://github.com/apache/superset/pull/7621) fix: Better error message for dashboard import (#7621) (smacker)
- [7812](https://github.com/apache/superset/pull/7812) [dashboard] Fix URLShortLinkButton position after click anchor link (#7812) (graceguo-supercat)
- [7653](https://github.com/apache/superset/pull/7653) [schema] Deprecating the table_columns.database_expression column (#7653) (john-bodley)
- [7810](https://github.com/apache/superset/pull/7810) Add second and minute grains (#7810) (villebro)
- [7813](https://github.com/apache/superset/pull/7813) Improve documentation (#7813) (villebro)
- [7799](https://github.com/apache/superset/pull/7799) [fix] Updating Pandas resample logic (#7799) (john-bodley)
- [7502](https://github.com/apache/superset/pull/7502) Add Table List Refresh Button (#7502) (MarcusSorealheis)
- [7809](https://github.com/apache/superset/pull/7809) [travis] Adding Black tox environment (#7809) (john-bodley)
- [7325](https://github.com/apache/superset/pull/7325) [Viz] transpose pivot table (#7325) (zhaoyongjie)
- [7435](https://github.com/apache/superset/pull/7435) Update messages.json (#7435) (JesusEkie)
- [7770](https://github.com/apache/superset/pull/7770) Autocomplete in the table browser in SQL lab is broken - Fix part 2 (#7770) (khtruong)
- [7755](https://github.com/apache/superset/pull/7755) [fix] Handling of non-existent datasource (#7755) (john-bodley)
- [7791](https://github.com/apache/superset/pull/7791) Improve performance for add slice container (#7791) (etr2460)
- [7801](https://github.com/apache/superset/pull/7801) add new user (#7801) (pokyu)
- [7777](https://github.com/apache/superset/pull/7777) Truncate data that is expanded (#7777) (betodealmeida)
- [7783](https://github.com/apache/superset/pull/7783) [SQL Lab] Add hard time limit fallback for async queries (#7783) (etr2460)
- [7788](https://github.com/apache/superset/pull/7788) Fix SQL editor tooltip to not cut off long column names (#7788) (cguan7)
- [7467](https://github.com/apache/superset/pull/7467) Change kv content-type to text/plain (#7467) (rahul-rahul-sp)
- [7787](https://github.com/apache/superset/pull/7787) Updating legacy-plugin-chart-heatmap to fix an issue with heatmap (#7787) (michellethomas)
- [7782](https://github.com/apache/superset/pull/7782) feat: query based on all partitions (#7782) (khtruong)
- [7767](https://github.com/apache/superset/pull/7767) bugfix: Oracle timegrains fail to render when wrapped in outer query (#7767) (villebro)
- [7769](https://github.com/apache/superset/pull/7769) [format] Using Black (#7769) (john-bodley)
- [7753](https://github.com/apache/superset/pull/7753) [testconn] Fixing response (#7753) (john-bodley)
- [7764](https://github.com/apache/superset/pull/7764) Show generic error msg and hide stacktrace if feature flag is enabled (#7764) (rahul-rahul-sp)
- [7605](https://github.com/apache/superset/pull/7605) chore: taking db dependencies out of requirements-dev.txt (#7605) (mistercrunch)
- [7749](https://github.com/apache/superset/pull/7749) Fix deck.gl sample charts with js (#7749) (villebro)
- [7011](https://github.com/apache/superset/pull/7011) fix(filterbox): fixed runtime exception in filterbox for allow multiple selection is false (#7011) (jitendra-kumawat)
- [7756](https://github.com/apache/superset/pull/7756) Add csv upload support for BigQuery (#7756) (villebro)
- [7724](https://github.com/apache/superset/pull/7724) [security] [ui] Make security views use superset's list widget (#7724) (dpgaspar)
- [7750](https://github.com/apache/superset/pull/7750) Bump FAB to 2.1.5 (#7750) (dpgaspar)
- [7720](https://github.com/apache/superset/pull/7720) [SQL Lab] Add JSON modal when clicking on cells with JSON objects (#7720) (etr2460)
- [7745](https://github.com/apache/superset/pull/7745) [fix] Force refresh table list broken (#7745) (betodealmeida)
- [7736](https://github.com/apache/superset/pull/7736) Revert "Autocomplete in the table browser in SQL lab is broken (#7736)" (7743) (khtruong)
- [7736](https://github.com/apache/superset/pull/7736) Autocomplete in the table browser in SQL lab is broken (#7736) (khtruong)
- [7646](https://github.com/apache/superset/pull/7646) compile column names (#7646) (villebro)
- [7722](https://github.com/apache/superset/pull/7722) [SQL Lab] Polish side pane animation (#7722) (etr2460)
- [7616](https://github.com/apache/superset/pull/7616) Fixing time comparison to look for past deltas (#7616) (michellethomas)
- [7729](https://github.com/apache/superset/pull/7729) Bump sqla to 1.3.5 (#7729) (villebro)
- [7652](https://github.com/apache/superset/pull/7652) Allowing withVerification to remove all options if none are valid (#7652) (michellethomas)
- [7679](https://github.com/apache/superset/pull/7679) css: add margin-top to ResultSet (#7679) (mistercrunch)
- [7723](https://github.com/apache/superset/pull/7723) [CSV Upload] Fix Index Column input filter (#7723) (etr2460)
- [7700](https://github.com/apache/superset/pull/7700) [dashboard] fix nested tab component visible logic (#7700) (graceguo-supercat)
- [7709](https://github.com/apache/superset/pull/7709) [docker] Fix docker-init missing FLASK_APP (#7709) (dpgaspar)
- [7701](https://github.com/apache/superset/pull/7701) Update superset-ui/legacy-preset-chart-nvd3 (#7701) (etr2460)
- [7696](https://github.com/apache/superset/pull/7696) [docs] Fix, flask fab cli does not need app parameter (#7696) (dpgaspar)
- [7691](https://github.com/apache/superset/pull/7691) [SQL Lab] Fix proptypes warning (#7691) (etr2460)
- [7693](https://github.com/apache/superset/pull/7693) Render columns dynamically on wide tables (#7693) (betodealmeida)
- [7687](https://github.com/apache/superset/pull/7687) Add Intercom to Superset users (#7687) (kate-gallo)
- [7688](https://github.com/apache/superset/pull/7688) Adding 6play as users (#7688) (CoryChaplin)
- [7667](https://github.com/apache/superset/pull/7667) [epoch] Remove non-UTC epoch logic (#7667) (john-bodley)
- [7672](https://github.com/apache/superset/pull/7672) Update index.rst (#7672) (john-bodley)
- [7678](https://github.com/apache/superset/pull/7678) Revert "Allow bigint to be used as time column in Presto" #7670 (7678) (john-bodley)
- [7073](https://github.com/apache/superset/pull/7073) [connectors] Make cluster/database and datasource/table unselectable in CRUD view (#7073) (john-bodley)
- [7598](https://github.com/apache/superset/pull/7598) adding command for seeing changes reflected. (#7598) (MarcusSorealheis)
- [7478](https://github.com/apache/superset/pull/7478) Bump FAB to 2.1.4 (#7478) (dpgaspar)
- [7526](https://github.com/apache/superset/pull/7526) Fixed SQL Lab Query Search scrolling issue(#7526) (7674) (rusackas)
- [7676](https://github.com/apache/superset/pull/7676) Break up db_engine_specs (#7676) (villebro)
- [7392](https://github.com/apache/superset/pull/7392) Remove duplicate paragraph in celery tasks documentation (#7392) (thoralf-gutierrez)
- [7567](https://github.com/apache/superset/pull/7567) Add epoch funcs for BigQuery (#7567) (villebro)
- [7641](https://github.com/apache/superset/pull/7641) [SQL Lab] Clarify SQL Lab query and display limits (#7641) (etr2460)
- [7642](https://github.com/apache/superset/pull/7642) [dashboard] pass dashboard filters to share chart url in dropdown (#7642) (graceguo-supercat)
- [7572](https://github.com/apache/superset/pull/7572) [SQL Lab] Show warning when user used up localStorage (#7572) (graceguo-supercat)
- [7610](https://github.com/apache/superset/pull/7610) docs: Add Tenable to the List of Users (#7610) (dflionis)
- [7475](https://github.com/apache/superset/pull/7475) Apply DashboardFilter to the dashboards in SliceModeView (#7475) (rahul-rahul-sp)
- [7638](https://github.com/apache/superset/pull/7638) Add new escape characters to OnPasteSelect (#7638) (1AB9502)
- [7660](https://github.com/apache/superset/pull/7660) [docs] Fix, deprecate fabmanager cli (#7660) (dpgaspar)
- [5096](https://github.com/apache/superset/pull/5096) Revert "Boxplot should not require a datetime column (#5096)" (7655) (khtruong)
- [7175](https://github.com/apache/superset/pull/7175) [SQL Lab] CTAS now uses the right async configuration (#7175) (enricoberti)
- [7647](https://github.com/apache/superset/pull/7647) [Profile] Fix react gravitar size prop type warning (#7647) (etr2460)
- [7618](https://github.com/apache/superset/pull/7618) Add Filter on DatabaseView that filters DBs Based on Role Access (#7618) (dflionis)
- [7640](https://github.com/apache/superset/pull/7640) [dashboard] click tab anchor link (#7640) (graceguo-supercat)
- [7632](https://github.com/apache/superset/pull/7632) Fix colors in ellipsis (#7632) (betodealmeida)
- [7433](https://github.com/apache/superset/pull/7433) Adding codecov targets and thresholds (#7433) (michellethomas)
- [7490](https://github.com/apache/superset/pull/7490) [fix] SQL parsing of table names (#7490) (john-bodley)
- [7494](https://github.com/apache/superset/pull/7494) make filter_values() macro to properly accept value from filter box with single value setting (#7494) (jimhorng)
- [7606](https://github.com/apache/superset/pull/7606) fix: SqlaColumn.type overflow on mysql (#7606) (mistercrunch)
- [7636](https://github.com/apache/superset/pull/7636) [query] Fix, remove not possible to order columns (#7636) (dpgaspar)
- [7635](https://github.com/apache/superset/pull/7635) Fixed Time Grain and Added Drill to README (#7635) (cgivre)
- [7593](https://github.com/apache/superset/pull/7593) fix: address issue #7458 (7593) (mistercrunch)
- [7561](https://github.com/apache/superset/pull/7561) [FAB] set AppBuilder to update_perms=False (#7561) (mistercrunch)
- [7575](https://github.com/apache/superset/pull/7575) Alternative fix for #7559 (7575) (mistercrunch)
- [7633](https://github.com/apache/superset/pull/7633) Wrapping up #7130 (7633) (mistercrunch)
- [7617](https://github.com/apache/superset/pull/7617) Allow trailing spaces in simple filter values (#7617) (etr2460)
- [7622](https://github.com/apache/superset/pull/7622) [requirements] Bumping pydruid version (#7622) (john-bodley)
- [7624](https://github.com/apache/superset/pull/7624) [SQL Lab] Prevent failed query error from disappearing (#7624) (etr2460)
- [7628](https://github.com/apache/superset/pull/7628) [SQL Lab] Old query showing success state but not showing results (#7628) (graceguo-supercat)
- [7583](https://github.com/apache/superset/pull/7583) Update bug_report.md (#7583) (john-bodley)
- [7630](https://github.com/apache/superset/pull/7630) fix: handle presto columns with whitespace (#7630) (khtruong)
- [7625](https://github.com/apache/superset/pull/7625) View Presto row and array objects clearly in the data grid (#7625) (khtruong)
- [7627](https://github.com/apache/superset/pull/7627) Show expanded columns in gray in SQL Editor (#7627) (betodealmeida)
- [7525](https://github.com/apache/superset/pull/7525) Add relative start param for time filters (#7525) (villebro)
- [7594](https://github.com/apache/superset/pull/7594) [SQL Lab] fix unnecessary offline action (#7594) (graceguo-supercat)
- [7615](https://github.com/apache/superset/pull/7615) Fix SQL Lab window resizing layout bug (#7615) (etr2460)
- [7131](https://github.com/apache/superset/pull/7131) Make timestamp expression native SQLAlchemy element (#7131) (villebro)
- [6610](https://github.com/apache/superset/pull/6610) Add support for Apache Drill (#6610) (cgivre)
- [7550](https://github.com/apache/superset/pull/7550) Bump python libs, address insecure releases (#7550) (mistercrunch)
- [7579](https://github.com/apache/superset/pull/7579) Add "Auto" option to Mapbox visualization point radius (#7579) (ali-bahjati)
- [7379](https://github.com/apache/superset/pull/7379) Remove the use of Pandas' iloc() in WorldMapViz (#7379) (elukey)
- [7453](https://github.com/apache/superset/pull/7453) Add support for period character in table names (#7453) (villebro)
- [7586](https://github.com/apache/superset/pull/7586) Remove aggregates from metric options if datasource has no columns (#7586) (michellethomas)

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.6

CVSS v3 Details

HIGH 8.6
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
CHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
NONE
Availability Availability (A)
NONE

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
NONE
Availability Impact (A)
NONE