PyPi: Apache-Superset

CVE-2019-12408

Safety vulnerability ID: 39476

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 08, 2019 Updated at Dec 10, 2024

Advisory

Apache-superset 0.35.2 bumps packages with security vulnerabilities (#8573), and bumps pyarrow to 0.15.1 due to CVE-2019-12408 (#8583).

Affected package

apache-superset

Latest version: 4.1.1

A modern, enterprise-ready business intelligence web application

Affected versions

Fixed versions

Vulnerability changelog

- [8918](https://github.com/apache/superset/pull/8918) [database] [log] Fix, Limit the amount of info on response (#8918) (dpgaspar)
- [8759](https://github.com/apache/superset/pull/8759) Bump viz plugins for bug bash (#8759) (etr2460)
- [8729](https://github.com/apache/superset/pull/8729) fix: don't show filter popover on explore view load (#8729) (mistercrunch)
- [8718](https://github.com/apache/superset/pull/8718) Migrate filter_immune_slice_fields (#8718) (betodealmeida)
- [8714](https://github.com/apache/superset/pull/8714) [fix] Druid IS NULL/IS NOT NULL filters (#8714) (john-bodley)
- [8678](https://github.com/apache/superset/pull/8678) fix: default missing values to zero on area chart (#8678) (villebro)
- [8573](https://github.com/apache/superset/pull/8573) [SECURITY] bump packages with security vulnerabilities (#8573) (nytai)
- [8583](https://github.com/apache/superset/pull/8583) Bump pyarrow to 0.15.1 due to CVE (#8583) (robdiciuccio)
- [8581](https://github.com/apache/superset/pull/8581) Fix error when templateParams is undefined (#8581) (betodealmeida)
- [8575](https://github.com/apache/superset/pull/8575) Math.max(...array) considered harmful (#8575) (betodealmeida)
- [8550](https://github.com/apache/superset/pull/8550) [Dashboard Import] Log error on dashboard import failure (#8550) (etr2460)
- [8427](https://github.com/apache/superset/pull/8427) Default page: remove title attribute to fall back on appbuilder.app_name (#8427) (Zanoellia)
- [8495](https://github.com/apache/superset/pull/8495) [datasource editor] Only one click target for edit action (#8495) (graceguo-supercat)
- [8465](https://github.com/apache/superset/pull/8465) Update UPDATING.md (#8465) (john-bodley)
- [8471](https://github.com/apache/superset/pull/8471) [Datasource Editor] A few small UI changes in modal to prevent accidental edits (#8471) (graceguo-supercat)
- [8439](https://github.com/apache/superset/pull/8439) [setup] Fix, download_url (#8439) (dpgaspar)
- [8449](https://github.com/apache/superset/pull/8449) Split up tests/db_engine_test.py (#8449) (willbarrett)
- [8438](https://github.com/apache/superset/pull/8438) introduce a space in command line option (#8438) (christophlingg)
- [8444](https://github.com/apache/superset/pull/8444) explain the need to enable async queries (#8444) (christophlingg)
- [8442](https://github.com/apache/superset/pull/8442) spelling fix (#8442) (austinpray)
- [8419](https://github.com/apache/superset/pull/8419) docs: add a note to RELEASING about Slack Channel (#8419) (mistercrunch)

Resources

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL