List: oss-security
Subject: [oss-security] CVE-2021-41971: Apache Superset: Possible SQL Injection when template processing is e
From: Daniel Gaspar <dpgaspar () apache ! org>
Date: 2021-10-15 13:06:39
Message-ID: 32945ab5-3cec-2ba1-cc35-b01dec67ed86 () apache ! org
Severity: low
Description:
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on
(disabled by default) allowed SQL injection when a malicious authenticated user sends an http
request with a custom URL.
Mitigation:
Don't enable ENABLE_TEMPLATE_PROCESSING (disabled by default).
Or upgrade to Apache Superset 1.3.1
Credit:
Apache Superset would like to thank Kevin Kusnardi for reporting this issue
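
An added example, not part of the advisory and not Apache Superset code: a small audit check that reports whether a deployment matches the affected condition above (release before 1.3.1 with the flag turned on). It assumes the flag is set through a `FEATURE_FLAGS` dict in `superset_config.py`; the function names and sample configs are constructed for illustration.

```python
import ast
import re

FLAG = "ENABLE_TEMPLATE_PROCESSING"
FIXED = (1, 3, 1)  # first fixed release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '1.3.0' or '1.3.0rc1' into a comparable (major, minor, patch)."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def flag_enabled(config_source: str) -> bool:
    """True if any FEATURE_FLAGS dict assignment turns the flag on."""
    for node in ast.walk(ast.parse(config_source)):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign):
            targets = [node.target]
        else:
            continue
        if not isinstance(node.value, ast.Dict):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "FEATURE_FLAGS" for t in targets):
            continue
        for key, value in zip(node.value.keys, node.value.values):
            if isinstance(key, ast.Constant) and key.value == FLAG:
                # A non-literal value (e.g. an environment lookup) cannot be
                # resolved statically, so it is conservatively counted as on.
                if not isinstance(value, ast.Constant) or bool(value.value):
                    return True
    return False


def exposed(version: str, config_source: str) -> bool:
    """Affected per the advisory: release before 1.3.1 AND flag enabled."""
    return parse_version(version) < FIXED and flag_enabled(config_source)


# Constructed sample configs, not taken from any real deployment.
SAMPLE_ON = 'ROW_LIMIT = 5000\nFEATURE_FLAGS = {"ENABLE_TEMPLATE_PROCESSING": True}\n'
SAMPLE_OFF = 'FEATURE_FLAGS = {"ENABLE_TEMPLATE_PROCESSING": False}\n'

if __name__ == "__main__":
    for ver, cfg in [("1.3.0", SAMPLE_ON), ("1.3.1", SAMPLE_ON), ("1.3.0", SAMPLE_OFF)]:
        print(ver, "flag on" if flag_enabled(cfg) else "flag off", "->",
              "EXPOSED" if exposed(ver, cfg) else "ok")
```

The check parses the config without executing it, so it can be run against config files collected from hosts; flags set only through environment-driven code paths are reported as enabled and need manual review.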