34 matches found
EUVD-2015-4321
Malware in sbrugna...
EUVD-2023-2595
Malicious code in bioql PyPI...
EUVD-2024-0514
Malicious code in bioql PyPI...
CVE-2023-27523
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2024-24773
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
BIT-SUPERSET-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
BIT-SUPERSET-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
Apache Superset Information Disclosure Vulnerability (CNVD-2024-26535)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that is caused by improper data authorization. An attacker could exploit this vulnerability to obtain sensitive information...
Improper Authorization
apache-superset is vulnerable to Improper Authorization. The vulnerability is due to improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization...
GHSA-WR6G-9WCR-CMQJ Apache Superset: Improper data authorization when creating a new dataset
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...
Apache Superset: Improper data authorization when creating a new dataset
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
GHSA-5474-F7G5-273Q Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
CVE-2024-24773
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
CVE-2024-24773
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
Input validation
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
CVE-2024-24779 Apache Superset: Improper data authorization when creating a new dataset
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...
CVE-2024-24779 Apache Superset: Improper data authorization when creating a new dataset
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...
CVE-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
CVE-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...