Insecure Defaults Affecting superset package, versions [,0.14.0)
Snyk CVSS
Attack Complexity: Low
- Snyk ID SNYK-PYTHON-SUPERSET-568871
- published 12 May 2020
- disclosed 17 Nov 2016
- credit Unknown
How to fix?
Upgrade superset to version 0.14.0 or higher.
Overview
The superset package has moved to apache-superset; as of 0.34.0 onwards, please pip install apache-superset.
Affected versions of this package are vulnerable to Insecure Defaults. The Jinja sandbox (SandboxedEnvironment), which is used to evaluate untrusted code, was found not to be in use. Furthermore, the security scheme/permissions used within superset were found not to be configured to adhere to security best practices.
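The difference between Jinja's plain Environment and its SandboxedEnvironment, as an added example that is not Superset's or Snyk's code. The Connection class, its attributes and the template string are constructed for illustration; the jinja2 package is assumed to be installed.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


class Connection:
    """Constructed stand-in for an application object passed to templates."""

    def __init__(self):
        self.name = "analytics"
        self._password = "constructed-secret"  # constructed value


# Constructed template text standing in for user-supplied input.
UNTRUSTED_TEMPLATE = "{{ conn.name }}:{{ conn._password }}"


def render(env, source=UNTRUSTED_TEMPLATE):
    """Render source in env; report sandbox refusals instead of raising."""
    try:
        return env.from_string(source).render(conn=Connection())
    except SecurityError as exc:
        return f"blocked: {exc}"


def render_unsandboxed():
    # Plain Environment: every attribute reachable from the context is readable.
    return render(Environment())


def render_sandboxed():
    # SandboxedEnvironment: underscore-prefixed and internal attributes resolve
    # to an undefined value, which renders as an empty string by default.
    return render(SandboxedEnvironment())


def render_sandboxed_strict():
    # With StrictUndefined the refused lookup raises SecurityError when
    # rendered, so the attempt is reported instead of silently dropped.
    return render(SandboxedEnvironment(undefined=StrictUndefined))


if __name__ == "__main__":
    print("unsandboxed:     ", render_unsandboxed())
    print("sandboxed:       ", render_sandboxed())
    print("sandboxed+strict:", render_sandboxed_strict())
```

The strict variant is the one to log and alert on, since the default sandbox hides refused lookups behind an empty string.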