Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/13 9:2 p.m.7 views

CVE-2023-49736

A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

8.8CVSS7.6AI score0.01178EPSS
Exploits0References4
NVD
NVD
added 2023/12/19 10:15 a.m.32 views

CVE-2023-49736

A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

8.8CVSS0.01178EPSS
Exploits0References2
CVE
CVE
added 2023/12/19 9:33 a.m.61 views

CVE-2023-49736

CVE-2023-49736 describes a SQL injection vulnerability in Apache Superset caused by a vulnerable where_in JINJA macro. The issue allows an attacker to inject SQL via a quote parameter in the macro, with impact on confidentiality, integrity, and availability as described in the sources. Affected v...

8.8CVSS7.6AI score0.01178EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/19 9:33 a.m.22 views

CVE-2023-49736 Apache Superset: SQL Injection on where_in JINJA macro

A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

6.5CVSS6AI score0.01178EPSS
Exploits0References4
Rows per page
Query Builder