Superset@1.3.0 Security Vulnerabilities and Issues — Superset@1.3.0 CVE List

Lucene search

ApacheSuperset1.3.0

2 matches found

CVE•added 2021/10/18 3:15 p.m.•69 views

CVE-2021-41971

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

8.8CVSS8.9AI score0.00909EPSS

CVE•added 2023/04/24 4:15 p.m.•64 views

CVE-2023-30776

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.

6.5CVSS5.8AI score0.00191EPSS