{"vulnerability": "CVE-2023-37941", "sightings": [{"uuid": "c9497245-de45-4ea8-afa5-c89988bdffe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "1dc149b6-d03f-416e-b00b-ee97c5dc6cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "published-proof-of-concept", "source": "Telegram/hqzcq-N-UmfLuy_GrV60Wdv72OSiDR6dOzg10bG3ca7Czg", "content": "", "creation_timestamp": "2023-09-07T13:42:21.000000Z"}, {"uuid": "fd089b48-39c9-4c68-ab65-a8d6451b8cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "7beff782-361e-4ef3-9210-bd2f1ced140f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwkbd7jwdi2v", "content": "", "creation_timestamp": "2025-08-16T21:02:22.128502Z"}, {"uuid": "2c2e98e2-46de-442a-980d-fdf812208549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb", "content": "", "creation_timestamp": "2023-10-12T21:34:40.000000Z"}, {"uuid": "5ae84d6f-5b18-4224-833e-ef0578d8b46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:55.000000Z"}, {"uuid": "6f1eb9ce-53b7-448e-ac3a-17d16bae4a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8984", "content": "#exploit\n1. CVE-2023-4634:\nRCE Exploit for Wordpress Media-Library Plugin < 3.10\nhttps://github.com/Patrowl/CVE-2023-4634\n\n2. CVE-2023-27524, CVE-2023-39265, CVE-2023-37941:\nApache Superset\u00a0- RCE, Credential Harvesting & More\nhttps://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more", "creation_timestamp": "2023-09-07T11:01:26.000000Z"}, {"uuid": "c169fe3b-a5ae-4b3c-be7a-cdbfcfc4da41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://t.me/KomunitiSiber/755", "content": "Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks\nhttps://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html\n\nPatches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems.\nThe update (version 2.1.1) plugs\u00a0CVE-2023-39265\u00a0and\u00a0CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset\u2019s metadata database.\nOutside of these", "creation_timestamp": "2023-09-07T13:47:33.000000Z"}, {"uuid": "18739b74-e652-4b68-9144-d8e912a2bc58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37941", "type": "seen", "source": "https://t.me/thehackernews/3838", "content": "Apache SuperSet users, beware! \n \nA critical update has been released to patch two new vulnerabilities (CVE-2023-39265 & CVE-2023-37941) that could expose your servers to remote code execution attacks. \n \nFind out here: https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html", "creation_timestamp": "2023-09-07T13:31:34.000000Z"}]}