1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Apache Superset CVE-2018-8021 Activity

Attack: Apache Superset CVE-2018-8021 Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Additional Information

Apache Superset is a modern, enterprise-ready business intelligence web application.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Specifically, this issue occurs when application uses unsafe 'load' method from 'cPickle' library to deserialize data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Apache Superset 0.23 and prior versions are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube