'[oss-security] CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API
From:       Ville Brofeldt <villebro () apache ! org>
Date:       2022-04-13 16:31:29
Message-ID: c2d11523-cf18-652b-a817-de0dccd15910 () apache ! org
[Download RAW message or body]

Description:

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data =
requests. Users should update to 1.4.2 or higher which addresses this issue=
.

This issue is being tracked as SUPERSET-20

References:

https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic