Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention

Two out of three public-facing app instances open to hijacking

Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious code....