1. Apache Superset Hardcoded SECRET_KEY Remains Active After CVE-2023-27524, Exposing Production Deployments to Session Forgery
A critical security flaw in Apache Superset persists in production environments, despite a prior patch addressing a similar vulnerability. The issue centers on a hardcoded fallback `SECRET_KEY` value—'thisismysecretkey'—shipped within `superset/config.py`. Security researchers warn that deployments failing to override ...
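A static check for the condition described above, written as an added example (not code from the article or from the Superset project): it classifies how a Python override file sets `SECRET_KEY` and flags the fallback value quoted in the article. The override-file layout, the `SUPERSET_SECRET_KEY` variable name used in the samples, the 32-character threshold and the sample configs are assumptions constructed for illustration.

```python
import ast

SHIPPED_DEFAULT = "thisismysecretkey"  # fallback value quoted in the article
MIN_LEN = 32  # assumed threshold for flagging short literal keys

# Constructed sample override files (not taken from any real deployment).
SAMPLES = {
    "no_override": "ROW_LIMIT = 5000\n",
    "copied_default": "SECRET_KEY = 'thisismysecretkey'\n",
    "env_with_default": (
        "import os\n"
        "SECRET_KEY = os.environ.get('SUPERSET_SECRET_KEY', 'thisismysecretkey')\n"
    ),
    "short_literal": "SECRET_KEY = 'hunter2'\n",
    "env_only": "import os\nSECRET_KEY = os.environ['SUPERSET_SECRET_KEY']\n",
}


def _strings(node):
    """Yield every string constant found anywhere inside an expression."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            yield sub.value


def audit_secret_key(source):
    """Return 'missing', 'default', 'weak-literal', 'literal' or 'dynamic'."""
    verdict = "missing"  # no assignment: the shipped fallback stays in effect
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "SECRET_KEY"
                   for t in node.targets):
            continue
        if SHIPPED_DEFAULT in _strings(node.value):
            return "default"  # set directly, or kept as an env-var fallback
        if isinstance(node.value, ast.Constant):
            short = len(str(node.value.value)) < MIN_LEN
            verdict = "weak-literal" if short else "literal"
        else:
            verdict = "dynamic"  # value not visible statically; check runtime env
    return verdict


def audit_samples():
    """Run the audit over the constructed samples."""
    return {name: audit_secret_key(src) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:18} {verdict}")
```

A `dynamic` verdict only means the key is not a visible literal; the environment the service actually runs in still has to supply a strong value.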