{"id":"GHSA-v7q3-5rqm-x7m9","summary":"Duplicate Advisory: Apache Superset uncontrolled resource consumption","details":"## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of CVE-2023-46104. This link is maintained to preserve external references.\n\n## Original Description\nWith correct CVE version ranges for affected Apache Superset versions.\n \nUncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP file to import a database, dashboards or datasets.  \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. Note that the version ranges in this record mark 2.1.2 and 3.0.1 as fixed, which conflicts with this sentence; check the upstream Apache advisory before deciding whether those two releases need upgrading.\n\n","modified":"2024-06-28T17:08:12.361087Z","published":"2024-05-30T20:53:33Z","withdrawn":"2024-06-03T16:17:47Z","database_specific":{"github_reviewed_at":"2024-06-03T16:17:47Z","github_reviewed":true,"cwe_ids":["CWE-400"],"nvd_published_at":"2024-02-14T12:15:47Z","severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952"},{"type":"WEB","url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"}],"affected":[{"package":{"name":"apache-superset","ecosystem":"PyPI","purl":"pkg:pypi/apache-superset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2"}]}],"versions":["0.34.0","0.34.1","0.35.1","0.35.2","0.36.0","0.37.0","0.37.1","0.37.2","0.38.0","0.38.1","1.0.0","1.0.1","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.5.2","1.5.3","2.0.0","2.0.1","2.1.0","2.1.1","2.1.1rc1","2.1.1rc2","2.1.1rc3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-v7q3-5rqm-x7m9/GHSA-v7q3-5rqm-x7m9.json"}},{"package":{"name":"apache-superset","ecosystem":"PyPI","purl":"pkg:pypi/apache-superset"},"ranges":[{"type"
:"ECOSYSTEM","events":[{"introduced":"3.0.0"},{"fixed":"3.0.1"}]}],"versions":["3.0.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-v7q3-5rqm-x7m9/GHSA-v7q3-5rqm-x7m9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}