
SSRF + local file read via dataset import with default allow-all URL list (CWE-918) #39114

@Proscan-one

Description

Hi,

The dataset import feature has an SSRF that also supports local file reads.

superset/commands/dataset/importers/v1/utils.py:209 uses urllib.request.urlopen() to fetch a data URI from the dataset YAML config. This function supports file://, http://, and ftp:// schemes.

The default allowlist at superset/config.py:2261 is DATASET_IMPORT_ALLOWED_DATA_URLS = [r".*"] — matches everything.

Exploit: upload a ZIP with a dataset YAML containing data: "file:///etc/passwd" or data: "http://169.254.169.254/latest/meta-data/". The fetched data gets loaded into a pandas DataFrame and written to the database, where the attacker can query it.

Fix: default the allowlist to empty (require explicit configuration) and block the file:// scheme entirely.

— ProScan AppSec | proscan.one
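Added example, not code from the Superset repository or from the reporter: it places an allow-all regex check of the shape the issue describes (the default `[r".*"]`, assumed here to be applied with a plain `re.match`) next to a hardened check that enforces an http/https scheme, requires the whole URL to match a configured pattern, and refuses loopback, private and link-local IP literals such as the 169.254.169.254 metadata address. The `weak_check`/`is_data_url_allowed` names and the `data.example.com` patterns are assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Added example, not Superset's own code. Contrasts an allow-all regex check
# (assumed shape of the default described in the issue) with a hardened one.

# The default the report quotes: one pattern that matches any URL.
WEAK_ALLOWED_DATA_URLS = [r".*"]

# Safer default: nothing is fetchable until an operator lists a pattern.
HARDENED_ALLOWED_DATA_URLS = []

ALLOWED_SCHEMES = frozenset({"http", "https"})


def weak_check(url, allowed_patterns=WEAK_ALLOWED_DATA_URLS):
    """Assumed shape of the weak check: any prefix regex match accepts the URL.
    No scheme restriction, so file:// and ftp:// pass, and re.match anchors
    only at the start, so a pattern without a trailing anchor also accepts
    look-alike hosts such as data.example.com.evil.net."""
    return any(re.match(pattern, url) for pattern in allowed_patterns)


def _is_blocked_ip(host):
    """True for IP literals that must never be fetched server-side:
    loopback, RFC 1918, link-local (cloud metadata lives at 169.254.169.254),
    multicast, reserved and unspecified. Hostnames are not resolved here."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; DNS resolution is handled at fetch time
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def is_data_url_allowed(url, allowed_patterns, allowed_schemes=ALLOWED_SCHEMES):
    """Hardened check: allowed scheme, a real host, no blocked IP literal,
    and the entire URL must match one configured pattern (fullmatch)."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in allowed_schemes:
        return False          # rejects file://, ftp://, gopher://, ...
    host = parsed.hostname
    if not host:
        return False          # e.g. file:///etc/passwd has no host at all
    if _is_blocked_ip(host):
        return False
    return any(re.fullmatch(pattern, url) for pattern in allowed_patterns)


if __name__ == "__main__":
    # Constructed sample URLs: the two from the report plus one legitimate one.
    pattern = [r"https://data\.example\.com/.*"]
    for candidate in ("file:///etc/passwd",
                      "http://169.254.169.254/latest/meta-data/",
                      "https://data.example.com/sales.csv"):
        print(candidate, "weak:", weak_check(candidate),
              "hardened:", is_data_url_allowed(candidate, pattern))
```

Two caveats for anyone applying this pattern: the IP filter only sees literals, so a hostname that resolves to an internal address (or is rebound between check and fetch) still needs the resolved addresses checked, and urllib.request.urlopen follows redirects, so a URL that passes the check can still redirect to file-local or metadata targets unless redirects are disabled or every hop is re-validated.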

Metadata

Assignees: no one assigned

Labels: data:dataset (Related to dataset configurations), validation:required (A committer should validate the issue)

Type: no type

Projects: no projects

Milestone: no milestone

Relationships: none yet

Development: no branches or pull requests