CVE-2023-36387 - How Improper Default REST API Permissions in Apache Superset Expose Sensitive Database Operations
---
Introduction
In June 2023, a significant security issue was disclosed in Apache Superset—an open-source data visualization and exploration platform. The vulnerability, identified as
CVE-2023-36388 - How Improper REST API Permission in Apache Superset (≤ 2.1.) Can Lead to SSRF for Authenticated Gamma Users
Apache Superset is a popular open-source data visualization platform, used by businesses and data teams everywhere. But even the best tools sometimes have dangerous flaws.
CVE-2023-40743 - Dangerous Service Lookups in Apache Axis 1.x Can Lead to RCE, SSRF, and DOS
In August 2023, a high-impact vulnerability was disclosed affecting applications based on Apache Axis 1.x, a Java-based SOAP engine. Identified as CVE-2023-40743, this flaw
CVE-2023-41080 - Open Redirect in Apache Tomcat FORM Authentication - Root Cause, Exploitation, and Remediation
In August 2023, a security issue known as CVE-2023-41080 was disclosed in the Apache Tomcat servlet container, affecting how URL redirection works after users log
CVE-2023-34040 - Deserialization Attack Risk in Spring for Apache Kafka—What You Need To Know
In the world of data streaming, Apache Kafka is a powerful tool, while Spring for Apache Kafka makes it much easier to build Java apps