Veracode Vulnerability Database (VERACODE:45683)
Feb 29, 2024 - 4:38 a.m.

Improper Neutralization

2024-02-29 04:38:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: apache-superset, vulnerability, sql injection, api, sensitive data

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 7
Confidence: High

EPSS: 0
Percentile: 9.0%

apache-superset is vulnerable to Improper Neutralization. A guest user can send syntactically incorrect SQL statements to the chart data REST API; when the API returns an error, sensitive analytic database information is leaked.
