5 matches found
CVE-2021-41971
Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...
EUVD-2022-0025
Malicious code in bioql PyPI...
CVE-2025-48912 Apache Superset: Improper authorization bypass on row level security via SQL Injection
An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects...
CVE-2022-27479
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...
CVE-2023-49736
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...