CVE-2023-27524 - How Default Secrets in Apache Superset Opened the Door to Session Hijacking
In May 2023, the open-source analytics platform Apache Superset made headlines—but for all the wrong reasons. A critical vulnerability tracked as CVE-2023-27524 was disclosed,
CVE-2023-25504 - How Authenticated Users Can Exploit Apache Superset’s Dataset Import for SSRF Attacks
1. Background: What is Apache Superset?
Apache Superset is a popular open-source data visualization and data exploration platform. It’s used by data scientists and
CVE-2023-24831 - How a Simple Authentication Bug Let Attackers in Apache IoTDB Grafana Connector Walk Right In
Security is only as strong as its weakest link. Recently, a critical vulnerability was found in the Apache IoTDB Grafana Connector. This open-source software is
CVE-2023-30465 - SQL Injection Vulnerability in Apache InLong (Versions 1.4. - 1.5.) Explained with Exploit Example
Recently, a serious security vulnerability was found in Apache InLong, an open-source system for massive data integration. This flaw, tracked as CVE-2023-30465, allows attackers to
CVE-2023-27987 - How Simple Default Tokens in Apache Linkis <=1.3.1 Lead to Easy Exploits (With Example and Fix)
Published: June 2024
Author: [Exclusive Write-up]
Apache Linkis is a popular middleware that connects data applications (like BI, notebooks, and IDEs) with multiple computation engines.