mirror of https://github.com/apache/superset.git
docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)
This commit is contained in:
parent
90a3d685a0
commit
8c32c6da16
|
@ -4,15 +4,30 @@ hide_title: true
|
|||
sidebar_position: 2
|
||||
---
|
||||
|
||||
#### Version 3.0.2, 2.1.3
|
||||
|
||||
| CVE | Title | Affected |
|
||||
|:---------------|:------------------------------------------------------------|---------------------------:|
|
||||
| CVE-2023-46104 | Allows for uncontrolled resource consumption via a ZIP bomb | < 2.1.3, >= 3.0.0, < 3.0.2 |
|
||||
| CVE-2023-49736 | SQL Injection on where_in JINJA macro | < 2.1.3, >= 3.0.0, < 3.0.2 |
|
||||
| CVE-2023-49734 | Privilege Escalation Vulnerability | < 2.1.3, >= 3.0.0, < 3.0.2 |
|
||||
|
||||
|
||||
#### Version 3.0.0
|
||||
|
||||
| CVE | Title | Affected |
|
||||
|:---------------|:------------------------------------------------------------------------|---------:|
|
||||
| CVE-2023-42502 | Open Redirect Vulnerability | < 3.0.0 |
|
||||
| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service | < 3.0.0 |
|
||||
| CVE-2023-42505 | Sensitive information disclosure on db connection details | < 3.0.0 |
|
||||
|
||||
|
||||
#### Version 2.1.3
|
||||
|
||||
| CVE | Title | Affected |
|
||||
|:---------------|:------------------------------------------------------------------------|---------:|
|
||||
| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service | < 2.1.3 |
|
||||
|
||||
|
||||
#### Version 2.1.2
|
||||
|
||||
| CVE | Title | Affected |
|
||||
|
|
Loading…
Reference in New Issue