Apache Superset SQL Injection Vulnerability (CNVD-2024-26534)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...

PT-2024-20550 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.0 Description: A guest user could exploit a chart data REST API and send arbitrary SQL statements that, on error, could leak information from the underlying...