15 matches found
EUVD-2019-0019
Malware in sbrugna...
CVE-2019-12414
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
GO-2024-3158 Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer
Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer...
GO-2024-2457 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...
GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...
Cross-Site Scripting
github.com/apache/incubator-answer is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate sanitization of user input in the summary field, which allows a logged-in attacker to inject malicious code when modifying their own submitted question...
Information Disclosure
Apache Incubator Superset is susceptible to information disclosure. The database names are leaked to the users with no-access to on a dropdown list in SQLLab...
CVE-2019-12413
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...
CVE-2019-12414
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
PYSEC-2019-173
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
Information disclosure
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...
PYSEC-2019-172
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...
CVE-2019-12413
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...
CVE-2019-12414
CVE-2019-12414 affects Apache Incubator Superset prior to 0.32. The issue allows a user to view database names to which they have no access, exposed in a SQLLab dropdown. The connected sources confirm the affected product/version and the information-disclosure impact, but do not provide root-caus...
PT-2019-12793 · Apache · Apache Incubator Superset
Name of the Vulnerable Software and Affected Versions: Apache Incubator Superset versions prior to 0.32 Description: A user can view database names that he has no access to on a dropdown list in SQLLab. Recommendations: For versions prior to 0.32, update to version 0.32 or later to resolve the...