Lucene search
ApacheCVELIST:CVE-2021-41971HistoryOct 18, 2021 - 2:30 p.m.
CVE-2021-41971 Possible SQL Injection when template processing is enabled
2021-10-1814:30:14
CWE-89
apache
www.cve.org
13
cve-2021-41971
sql injection
apache superset
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
CNA Affected
[
{
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "Apache Superset",
"versionType": "custom"
}
]
}
]Related
osv
osv
Apache Superset SQL Injection when template processing is enabled
2022-05-24 19:17:46
PYSEC-2021-378
2021-10-18 15:15:00
CVE-2021-41971
2021-10-18 15:15:07
cnvd
cnvd
Apache Superset SQL Injection Vulnerability
2021-10-19 00:00:00
prion
prion
Sql injection
2021-10-18 15:15:00
cve
cve
CVE-2021-41971
2021-10-18 15:15:07
github
github
Apache Superset SQL Injection when template processing is enabled
2022-05-24 19:17:46
nvd
nvd
CVE-2021-41971
2021-10-18 15:15:07