How severe is CVE-2023-37941?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2023-37941?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2023-37941 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.

Related Vulnerabilities

CVE-2021-27017

MEDIUM

CVSS:6.6(Medium)

Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release.

CWE-5022021

CVE-2021-42550

MEDIUM

CVSS:6.6(Medium)

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from ...

CWE-5022021

CVE-2024-13295

MEDIUM

CVSS:6.6(Medium)

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.

CWE-5022024

CVE-2024-13296

MEDIUM

CVSS:6.6(Medium)

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.

CWE-5022024

CVE-2024-13297

MEDIUM

CVSS:6.6(Medium)

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.

CWE-5022024

CVE-2025-39565

MEDIUM

CVSS:6.6(Medium)

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0.

CWE-5022025