Lucene search
K

3 matches found

OSV
OSV
added 2025/08/18 8:13 a.m.7 views

BIT-SUPERSET-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

6.5CVSS7.7AI score0.00628EPSS
Exploits0References3
OSV
OSV
added 2025/08/14 3:30 p.m.6 views

GHSA-FXGF-3XH6-M2PP Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

5.3CVSS7.7AI score0.00628EPSS
Exploits0References4
OSV
OSV
added 2025/08/14 1:18 p.m.4 views

CVE-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

5.3CVSS6.9AI score0.00628EPSS
Exploits0References4
Rows per page
Query Builder