https://x7peeps.com/tags/Flask/index.htmlHugozh-CNSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/Apache_Superset_SECRET_KEY%E9%BB%98%E8%AE%A4%E9%85%8D%E7%BD%AE_SQL%E6%B3%A8%E5%85%A5_%E5%85%83%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8E%A7%E5%88%B6_%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/Apache_Superset_SECRET_KEY%E9%BB%98%E8%AE%A4%E9%85%8D%E7%BD%AE_SQL%E6%B3%A8%E5%85%A5_%E5%85%83%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8E%A7%E5%88%B6_%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html深入分析 Apache Superset 的 SECRET_KEY 默认配置导致认证绕过与 RCE（CVE-2023-27524）、SQLite 元数据库劫持（CVE-2023-39265）、SQLLab 任意 SQL 执行导致 RCE（CVE-2023-37941）、Jinja 模板 SQL 注入、SSRF、XSS 等完整攻击面，覆盖 2022-2026 年高危 CVE 漏洞链及蓝队检测与应急响应