Affected versions: - Apache Superset before 2.1.3 - Apache Superset 3.0.0 before 3.0.1
Description: Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. Credit: Dor Konis – GE Vernova (finder) References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2023-46104
