Superset Security Vulnerabilities and Issues — Superset CVE List

Lucene search

ApacheSuperset

4 matches found

CVE•added 2024/12/09 2:15 p.m.•2510 views

CVE-2024-53947

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 w...

9.8CVSS7AI score0.53487EPSS

CVE•added 2024/12/09 2:15 p.m.•1074 views

CVE-2024-53949

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

7.6CVSS6.5AI score0.00237EPSS

CVE•added 2024/12/12 3:15 p.m.•62 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgr...

7.1CVSS7.2AI score0.00473EPSS

CVE•added 2024/12/09 2:15 p.m.•60 views

CVE-2024-53948

Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

5.3CVSS6.5AI score0.00267EPSS