CVE-2021-28125: Apache Superset Open Redirect

Vendor: Apache Software Foundation
Product: Apache Superset
Weakness: CWE-601 (Open redirect)
Published: April 27, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

Apache Superset up to and including 1.0.1 allowed the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality allowed a malicious user to create a short URL for a dashboard and use it to convince a user to click the link.
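The missing input check described above can be illustrated with a target validator for a URL shortener. This is an added example, not Superset's code or the fix that shipped; the function names, the host `superset.example.com` and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the deployment's own host name (placeholder, not from the advisory).
ALLOWED_HOSTS = frozenset({"superset.example.com"})


def is_safe_redirect_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for targets a URL shortener may store and redirect to."""
    if not url or url != url.strip():
        return False
    # Backslashes and control characters are normalised differently by
    # browsers and by server-side parsers, so refuse them outright.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # "///host" parses with an empty netloc, so check the raw prefix too.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # covers javascript:, data: and scheme-relative //host
    return host is not None and host.lower() in allowed_hosts


# Constructed sample inputs, as a shortener endpoint might receive them.
SAMPLES = [
    "/superset/dashboard/1/",
    "https://superset.example.com/superset/dashboard/1/",
    "https://evil.example/login",
    "//evil.example/superset/dashboard/1/",
    "https://superset.example.com@evil.example/",
    "/\\evil.example/",
    "javascript:alert(1)",
]


def partition(samples):
    """Split samples into (accepted, rejected) lists."""
    ok = [s for s in samples if is_safe_redirect_target(s)]
    return ok, [s for s in samples if s not in ok]


if __name__ == "__main__":
    accepted, rejected = partition(SAMPLES)
    print("store:", accepted)
    print("refuse:", rejected)
```

Running the same check both when the short URL is created and again when it is resolved also covers entries stored before the check existed.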

Key dates

02 Disclosure timeline

April 27, 2021: CVE published
August 3, 2024: Record updated