CVE-2024-23952

CVE-2024-23952 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.   This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

Learn more about our Cis Benchmark Audit For Apache Http Server.