1 matches found
PYSEC-2021-378
Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...