CVE-2023-39264: Apache Superset: Stack traces enabled by default
First published: Wed Sep 06 2023(Updated: )
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Superset | <=2.1.0 | |
| pip/apache-superset | <=2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39264?
CVE-2023-39264 is a vulnerability in Apache Superset versions up to and including 2.1.0 where stack traces for errors were enabled by default, exposing internal traces on REST API endpoints to users.
What is the severity of CVE-2023-39264?
CVE-2023-39264 has a severity rating of medium with a value of 4.3.
Which software versions are affected by CVE-2023-39264?
Apache Superset versions up to and including 2.1.0 are affected by CVE-2023-39264.
How can I fix CVE-2023-39264?
To fix CVE-2023-39264, update Apache Superset to a version later than 2.1.0.
Where can I find more information about CVE-2023-39264?
You can find more information about CVE-2023-39264 in the references listed: [1] [2] [3].
- collector/oss-sec
- alias/CVE-2023-39264
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-cpvx-2365-466c
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/trending
- vendor/apache
- canonical/apache superset
- version/apache superset/2.1.0
- package-manager/pip