9 matches found
BIT-SUPERSET-2023-49736 Apache Superset: SQL Injection on where_in JINJA macro
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is due improper user input validation and sanitization in the wherein JINJA macro. This issue can be exploited by an attacker by injecting a quote within the JINJA macro resulting in the execution of arbitrary SQL statements...
CVE-2023-49736
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
CVE-2023-49736
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
Sql injection
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
CVE-2023-49736
CVE-2023-49736 describes a SQL injection vulnerability in Apache Superset caused by a vulnerable where_in JINJA macro. The issue allows an attacker to inject SQL via a quote parameter in the macro, with impact on confidentiality, integrity, and availability as described in the sources. Affected v...
CVE-2023-49736 Apache Superset: SQL Injection on where_in JINJA macro
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
PT-2023-31315 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Apache Superset versions 3.0.0 through 3.0.1 Description: A where in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apach...