3 matches found
CVE-2026-50530
DataEase prior to version 2.10.24 exposes a vulnerability in the share mode chart data interface. The API path POST /de2api/chartData/getData only validates that sceneId matches the resourceId in the link token and does not verify whether tableId and field IDs in the request body belong to the sh...
Apache Superset SQL Injection Vulnerability (CNVD-2024-26534)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...
PT-2024-20550
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.0 Description A guest user could exploit a chart data REST API and send arbitrary SQL statements that, on error, could leak information from the underlying...