API Security Blog

Cross-Site Request Forgery (CSRF)

apache-superset is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because the legacy REST API endpoints implemented by the `request_access` and `approve` functions of `core.py` use the HTTP GET method, allowing an attacker to redirect a user to a malicious URL through a GET request.
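The following is an added example, not code from apache-superset: a toy dispatcher showing why a state-changing handler routed under GET is never covered by a CSRF token check that, as is common in CSRF middleware, runs only on unsafe methods, next to the POST-only form. The `App` class, the `/approve` path, the grant store, the key and the sample request are hypothetical stand-ins.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # constructed; use a random per-deployment secret
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def csrf_token(session_id):
    """Per-session token that a cross-site page cannot read or compute."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

class App:
    """Toy dispatcher (hypothetical): path -> (allowed methods, handler)."""
    def __init__(self):
        self.routes = {}
        self.granted = set()       # stand-in for the access-grant store

    def route(self, path, methods, handler):
        self.routes[path] = (set(methods), handler)

    def handle(self, method, path, session_id, params, token=""):
        allowed, handler = self.routes[path]
        if method not in allowed:
            return 405
        # Token check modelled on common CSRF middleware: unsafe methods only,
        # so anything routed under GET is never checked.
        if method not in SAFE_METHODS:
            if not hmac.compare_digest(token, csrf_token(session_id)):
                return 403
        handler(self, params)
        return 200

def approve(app, params):
    """Hypothetical stand-in for a state-changing handler like `approve`."""
    app.granted.add((params["user"], params["datasource"]))

def build(methods):
    app = App()
    app.route("/approve", methods, approve)   # path is an assumption
    return app

# Constructed sample: a forged cross-site request carries the victim's
# session cookie but no CSRF token.
FORGED = dict(session_id="victim-session", params={"user": "mallory", "datasource": "sales"})

if __name__ == "__main__":
    legacy, hardened = build(["GET"]), build(["POST"])
    print("legacy GET:", legacy.handle("GET", "/approve", **FORGED), legacy.granted)
    print("hardened GET:", hardened.handle("GET", "/approve", **FORGED))
    print("hardened POST, no token:", hardened.handle("POST", "/approve", **FORGED), hardened.granted)
```

The legacy route applies the grant on a tokenless GET, while the POST-only route rejects both the GET and the tokenless POST and leaves the store unchanged.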
