Apache Superset SQL注入漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset versions 1.5.2 and earlier and 2.0.0 have a SQL injection vulnerability that stems from a problem with the SQL Alchemy connector, which allows an authenticated user with read acce...

PT-2023-14020 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the...