Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making HTTP requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely by adding the following env variable to one's configuration, making them unavailable inside the webapp.
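
The fix described above sends requests through a library that vets the destination instead of calling requests directly. A sketch of that kind of destination check follows, added here as an illustration; it is not Redash's or Advocate's code, and `check_url`, `is_public`, `system_resolver`, `fake_resolver` and the `CONSTRUCTED_DNS` table are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample data: host names and the addresses they "resolve" to.
CONSTRUCTED_DNS = {
    "public.example": ["93.184.216.34"],
    "internal.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
    "mapped.example": ["::ffff:169.254.169.254"],
}


def fake_resolver(host, port):
    """Offline stand-in for DNS (assumption for this example)."""
    return CONSTRUCTED_DNS.get(host, [])


def system_resolver(host, port):
    """Every address the system resolver returns for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # classify ::ffff:a.b.c.d as the IPv4 it wraps
    return ip.is_global and not ip.is_multicast


def check_url(url, resolver=system_resolver):
    """Return the vetted addresses for url, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unsupported URL: %r" % url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolver(parts.hostname, port)
    blocked = [a for a in addrs if not is_public(a)]
    # Reject if any resolved address is internal, not only the first one.
    if not addrs or blocked:
        raise ValueError("%s: non-public or no address %s" % (parts.hostname, blocked))
    return addrs


if __name__ == "__main__":
    for name in CONSTRUCTED_DNS:
        try:
            print(name, "->", check_url("https://%s/data.csv" % name, fake_resolver))
        except ValueError as exc:
            print("rejected:", exc)
```

A check like this only holds if the HTTP client then connects to the addresses that were vetted and repeats the check on every redirect.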