7 matches found
PT-2026-56245
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...
PT-2026-56252
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...
SQL Injection
apachesuperset is vulnerable to SQL injection. An attacker is able to inject malicious SQL via chart data requests...
CVE-2022-27479
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...
CVE-2022-27479
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...
Sql injection
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...
PYSEC-2022-188
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...