
8 matches found

OSV
added 2025/02/05 7:26 a.m. · 10 views

BIT-SUPERSET-2023-49736 Apache Superset: SQL Injection on where_in JINJA macro

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00496
Exploits 0 · References 3
Veracode
added 2023/12/20 6:51 a.m. · 19 views

SQL Injection

Apache Superset is vulnerable to SQL Injection. The vulnerability is due to improper user input validation and sanitization in the where_in JINJA macro. This issue can be exploited by an attacker by injecting a quote within the JINJA macro, resulting in the execution of arbitrary SQL statements...

CVSS 8.8 · AI score 7.5 · EPSS 0.00496
Exploits 0 · References 5 · Affected Software 1
NVD
added 2023/12/19 10:15 a.m. · 16 views

CVE-2023-49736

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 8.8 · EPSS 0.00496
Exploits 0 · References 2
OSV
added 2023/12/19 10:15 a.m. · 19 views

CVE-2023-49736

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 8.8 · AI score 7.5
Exploits 0 · References 2
Prion
added 2023/12/19 10:15 a.m. · 16 views

SQL injection

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 6.5 · AI score 7.6 · EPSS 0.00496
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/12/19 9:33 a.m. · 14 views

CVE-2023-49736 Apache Superset: SQL Injection on where_in JINJA macro

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 6.5 · AI score 9.1 · EPSS 0.00496
Exploits 0 · References 2
CVE
added 2023/12/19 9:33 a.m. · 54 views

CVE-2023-49736

CVE-2023-49736 describes a SQL injection vulnerability in Apache Superset caused by a vulnerable where_in JINJA macro. The issue allows an attacker to inject SQL via a quote parameter in the macro, with impact on confidentiality, integrity, and availability as described in the sources. Affected v...

CVSS 8.8 · AI score 7.6 · EPSS 0.00496
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/19 12:0 a.m. · 2 views

PT-2023-31315 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2; Apache Superset versions 3.0.0 through 3.0.1. Description: A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apach...

CVSS 8.8 · AI score 8.2 · EPSS 0.00496
Exploits 0 · References 17