PyPi: Superset

CVE-2017-18342

Transitive

Safety vulnerability ID: 45807

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 27, 2018 Updated at Nov 07, 2023

Advisory

Superset 0.23.0a fixes a code execution vulnerability caused by the use of unsafe yaml.load().
https://github.com/apache/superset/commit/7e949ee342226c5c213db46760c02a341b7099ff

Affected package

superset

Latest version: 0.30.1

Superset has moved to apache-superset as of 0.34.0; please pip install apache-superset.

Affected versions

Fixed versions

Vulnerability changelog

- [4500](https://github.com/apache/incubator-superset/pull/4500) Merge pull request 4500 from john-bodley/john-bodley-fix-pr-4396 (john-bodley)
- [b01a9bb](https://github.com/apache/incubator-superset/commit/b01a9bba1f2043435e6fc1b189661e27b7dbbaea) [setup] Fixing URLs
- [4538](https://github.com/apache/incubator-superset/pull/4538) Pass datasource as form_data param (4538) (Pek1s)
- [4f7258a](https://github.com/apache/incubator-superset/commit/4f7258aacaa5acf37c64769fa18da57f7dbd606e) [coverage] Replacing coveralls with codecov
- [4513](https://github.com/apache/incubator-superset/pull/4513) Superset issue 4512: fixing histogram (4513) (ArielStv)
- [4511](https://github.com/apache/incubator-superset/pull/4511) Fix how the annotation layer interpretes the timestamp string without timezone info; use it as UTC (4511) (EvelynTurner)
- [4515](https://github.com/apache/incubator-superset/pull/4515) [dashboard] (4515) (graceguo-supercat)
- [4482](https://github.com/apache/incubator-superset/pull/4482) chart style options get their own tab (4482) (GabeLoins)
- [4487](https://github.com/apache/incubator-superset/pull/4487) Make margin width based on container width instead of slice width (4487) (jeffreythewang)
- [7440d34](https://github.com/apache/incubator-superset/commit/7440d34936784283f692a39402bcb11a9eeaa6a3) [payload] Fixing regression introducted in 4396
- [4486](https://github.com/apache/incubator-superset/pull/4486) [Explore] applying refresh chart overlay when chart is stale (4486) (GabeLoins)
- [4480](https://github.com/apache/incubator-superset/pull/4480) Add https support for Druid (4480) (mistercrunch)
- [4491](https://github.com/apache/incubator-superset/pull/4491) Introduce an onInit method for when a new viz_type is selected (4491) (mistercrunch)
- [4488](https://github.com/apache/incubator-superset/pull/4488) fixes to csv - hive upload (4488) (timifasubaa)
- [4469](https://github.com/apache/incubator-superset/pull/4469) check for access before requesting access (4469) (timifasubaa)
- [4496](https://github.com/apache/incubator-superset/pull/4496) Change limit form 50k to 10k (4496) (mistercrunch)
- [4490](https://github.com/apache/incubator-superset/pull/4490) [WiP] Cleanup & fix URL scheme for the explore view (4490) (mistercrunch)
- [4485](https://github.com/apache/incubator-superset/pull/4485) [dashboard] Fix JS error when position_json data is empty (4485) (graceguo-supercat)
- [4463](https://github.com/apache/incubator-superset/pull/4463) New Landing Page v1.0 (4463) (hughhhh)
- [4459](https://github.com/apache/incubator-superset/pull/4459) [Explore] highlighting run query when chart is stale on explore view (4459) (GabeLoins)
- [4467](https://github.com/apache/incubator-superset/pull/4467) [geo] add controls for minRadiusPixels and maxRadiusPixels in deck_scatter (4467) (mistercrunch)
- [4477](https://github.com/apache/incubator-superset/pull/4477) [flake8] Adding flake8-coding (4477) (john-bodley)
- [4478](https://github.com/apache/incubator-superset/pull/4478) add organization (4478) (ailurus1991)
- [4466](https://github.com/apache/incubator-superset/pull/4466) [FilterBox] Make filterbox localizable (4466) (raffas)
- [4476](https://github.com/apache/incubator-superset/pull/4476) [flake8] Adding future-import check (4476) (john-bodley)
- [4474](https://github.com/apache/incubator-superset/pull/4474) [flake8] Fixing additional flake8 issue w/ the presence of ignore (4474) (john-bodley)
- [4475](https://github.com/apache/incubator-superset/pull/4475) Pass param of limit for recent activity (4475) (hughhhh)
- [4461](https://github.com/apache/incubator-superset/pull/4461) [hotfix] resolve utf-8 encoding issue in db migration (4461) (timifasubaa)
- [4457](https://github.com/apache/incubator-superset/pull/4457) [explore] allow URL shortner even if no slice exist (4457) (mistercrunch)
- [4400](https://github.com/apache/incubator-superset/pull/4400) Allowing config flag to turn off javascript controls (4400) (mistercrunch)
- [4449](https://github.com/apache/incubator-superset/pull/4449) Make instant controls store state in URL (4449) (betodealmeida)
- [4454](https://github.com/apache/incubator-superset/pull/4454) Make npm run dev-fast the default (4454) (mistercrunch)
- [4456](https://github.com/apache/incubator-superset/pull/4456) [gitignore] Adding venv to .gitignore (4456) (GabeLoins)
- [4444](https://github.com/apache/incubator-superset/pull/4444) A collection of bug fixes (4444) (mistercrunch)
- [4455](https://github.com/apache/incubator-superset/pull/4455) fixing spacing issue on internationalization dropdown (4455) (GabeLoins)
- [4452](https://github.com/apache/incubator-superset/pull/4452) [bugfix] address issue 4206 (4452) (mistercrunch)
- [4446](https://github.com/apache/incubator-superset/pull/4446) for 48 columns layout, adjust default size and layout for newly added slices (4446) (graceguo-supercat)
- [4413](https://github.com/apache/incubator-superset/pull/4413) Remove comments from queries in SQL Lab that break Explore view (4413) (villebro)
- [4450](https://github.com/apache/incubator-superset/pull/4450) fix typo. "グルプ分け可能" => "グループ分け可能" (4450) (m4neda)
- [4447](https://github.com/apache/incubator-superset/pull/4447) remove html tag in timeout error message (4447) (graceguo-supercat)
- [4442](https://github.com/apache/incubator-superset/pull/4442) Improve default placeholder text on SelectControl (4442) (mistercrunch)
- [4448](https://github.com/apache/incubator-superset/pull/4448) Removed double call to ConnectorRegistry.sources (4448) (villebro)
- [4408](https://github.com/apache/incubator-superset/pull/4408) Add link on how to get permission to permission error (4408) (timifasubaa)
- [4434](https://github.com/apache/incubator-superset/pull/4434) Added Example snippet for setting up Redis cache (4434) (hughhhh)
- [4336](https://github.com/apache/incubator-superset/pull/4336) Play scrubber (4336) (betodealmeida)
- [4430](https://github.com/apache/incubator-superset/pull/4430) Change current thumbnails to smaller ones. (4430) (mistercrunch)
- [4436](https://github.com/apache/incubator-superset/pull/4436) Pass in cache timeout for async queries (4436) (jeffreythewang)
- [4437](https://github.com/apache/incubator-superset/pull/4437) Fix separator visualization by propagating header height (4437) (jaylindquist)
- [4438](https://github.com/apache/incubator-superset/pull/4438) Make chart title backgrounds transparent to prevent buttonface color in IE (4438) (jaylindquist)
- [4416](https://github.com/apache/incubator-superset/pull/4416) [dashboard] more granular grid layout (4416) (mistercrunch)
- [4432](https://github.com/apache/incubator-superset/pull/4432) Added check cache key util (4432) (hughhhh)
- [4418](https://github.com/apache/incubator-superset/pull/4418) Updated Italian Translation (4418) (raffas)
- [4431](https://github.com/apache/incubator-superset/pull/4431) Add .1s option to D3 Format dropdown (4431) (raffas)
- [4405](https://github.com/apache/incubator-superset/pull/4405) Disable user access request (4405) (timifasubaa)
- [4427](https://github.com/apache/incubator-superset/pull/4427) Bump dependencies with security issues (4427) (xrmx)
- [3993](https://github.com/apache/incubator-superset/pull/3993) [Explore view] Use POST method for charting requests (3993) (graceguo-supercat)
- [4410](https://github.com/apache/incubator-superset/pull/4410) Unset 'series limit' default from 50 to null (4410) (mistercrunch)
- [4411](https://github.com/apache/incubator-superset/pull/4411) use full path in case of there are query params (4411) (Chun-LingChen)
- [4389](https://github.com/apache/incubator-superset/pull/4389) [geo] introduce "Auto Zoom" control (4389) (mistercrunch)
- [4401](https://github.com/apache/incubator-superset/pull/4401) [SqlLab] Fix a few UI issues (4401) (graceguo-supercat)
- [4404](https://github.com/apache/incubator-superset/pull/4404) Check class name string instead of checking the instance (4404) (mxmzdlv)
- [4380](https://github.com/apache/incubator-superset/pull/4380) [error handling] 'Time Comparison' query returns no data (4380) (mistercrunch)
- [4383](https://github.com/apache/incubator-superset/pull/4383) Typo fix: dashbaord -> dashboard. (4383) (xiaohanyu)
- [4396](https://github.com/apache/incubator-superset/pull/4396) Fix markup broken since cache related changes (4396) (mistercrunch)
- [4178](https://github.com/apache/incubator-superset/pull/4178) Add PeopleDoc in organizations list who use superset (4178) (rodo)
- [4390](https://github.com/apache/incubator-superset/pull/4390) Fix 4 security vulnerabilities (4390) (ddworken-sc)
- [4349](https://github.com/apache/incubator-superset/pull/4349) Minor fixes to sunburst (4349) (mistercrunch)
- [4346](https://github.com/apache/incubator-superset/pull/4346) Add permission checks to save_or_overwrite_slice (4346) (jaylindquist)
- [4388](https://github.com/apache/incubator-superset/pull/4388) Remove permission check for frontend logging API (4388) (graceguo-supercat)
- [4353](https://github.com/apache/incubator-superset/pull/4353) Superset issue 4323 (4353) (maver1ck)
- [4377](https://github.com/apache/incubator-superset/pull/4377) Bump pydruid to 0.4.1 (4377) (mistercrunch)
- [4359](https://github.com/apache/incubator-superset/pull/4359) [revert] Reverting PR 4062 (4359) (john-bodley)
- [4316](https://github.com/apache/incubator-superset/pull/4316) Fix caching issues (4316) (mistercrunch)
- [4372](https://github.com/apache/incubator-superset/pull/4372) Set default row_limit to 50k (4372) (mistercrunch)
- [4363](https://github.com/apache/incubator-superset/pull/4363) [line] improve feature (4363) (mistercrunch)
- [4373](https://github.com/apache/incubator-superset/pull/4373) Remove dangerouslySetInnerHTML in StackTraceMessage component (4373) (mistercrunch)
- [4341](https://github.com/apache/incubator-superset/pull/4341) Bump python dependencies (4341) (mistercrunch)
- [4333](https://github.com/apache/incubator-superset/pull/4333) Add hour grain to Sqlite (4333) (betodealmeida)
- [4358](https://github.com/apache/incubator-superset/pull/4358) [druid] fix bug around handling NULLs (4358) (mistercrunch)
- [4368](https://github.com/apache/incubator-superset/pull/4368) Add ipdb to dev dependencies. (4368) (xiaohanyu)
- [4319](https://github.com/apache/incubator-superset/pull/4319) convert postgresql date_trunc() to UTC to prevent pandas error (4319) (habalux)
- [4367](https://github.com/apache/incubator-superset/pull/4367) Remove useless empty npm-debug.log (4367) (xiaohanyu)
- [4364](https://github.com/apache/incubator-superset/pull/4364) New options for european time format in in D3_TIME_FORMAT_OPTIONS (4364) (raffas)
- [4344](https://github.com/apache/incubator-superset/pull/4344) Adding dashboard add view (4344) (michellethomas)
- [4345](https://github.com/apache/incubator-superset/pull/4345) fix uri form data' (4345) (timifasubaa)
- [4337](https://github.com/apache/incubator-superset/pull/4337) read query params for json in dashboard endpoint (4337) (hughhhh)
- [4339](https://github.com/apache/incubator-superset/pull/4339) 1. fix check filters change logic (4339) (graceguo-supercat)
- [4338](https://github.com/apache/incubator-superset/pull/4338) Fix the bug of charts/slices cannot be filtered by datasource name. (4338) (liutgnu)
- [4298](https://github.com/apache/incubator-superset/pull/4298) Refactor import csv (4298) (timifasubaa)
- [3676](https://github.com/apache/incubator-superset/pull/3676) [New Viz] Nightingale Rose Chart (3676) (Mogball)
- [4241](https://github.com/apache/incubator-superset/pull/4241) [cli] permission cleanup on 'superset init' (4241) (mistercrunch)
- [4224](https://github.com/apache/incubator-superset/pull/4224) [BugFix]: Creating a PostgresBaseEngineSpec so changes to the Postgre… (4224) (fabianmenges)
- [4325](https://github.com/apache/incubator-superset/pull/4325) Bump pyrdruid to 0.4.0 (4325) (mistercrunch)
- [4326](https://github.com/apache/incubator-superset/pull/4326) [explore] fix missing CacheLabel (4326) (mistercrunch)
- [4321](https://github.com/apache/incubator-superset/pull/4321) Update installation.rst for Ubuntu 16.04 LTS (4321) (raffas)
- [4322](https://github.com/apache/incubator-superset/pull/4322) [Bug] Resize should trigger chart re-render (4322) (graceguo-supercat)
- [4301](https://github.com/apache/incubator-superset/pull/4301) [Explore] Fix Stop Query Button behavior (4301) (graceguo-supercat)
- [4293](https://github.com/apache/incubator-superset/pull/4293) Refactoring deckgl (4293) (betodealmeida)
- [4226](https://github.com/apache/incubator-superset/pull/4226) add frontend logging utility function (4226) (graceguo-supercat)
- [4242](https://github.com/apache/incubator-superset/pull/4242) Added Path, Polygon, and Arcs to deckGL example dashboard (4242) (hughhhh)
- [4260](https://github.com/apache/incubator-superset/pull/4260) Use the query_obj as the basis for the cache key (4260) (mistercrunch)
- [4299](https://github.com/apache/incubator-superset/pull/4299) Bump sqlalchemy to 1.2.2 (4299) (xrmx)
- [4303](https://github.com/apache/incubator-superset/pull/4303) Reverts apache/incubator-superset4244 (4303) (mistercrunch)
- [4291](https://github.com/apache/incubator-superset/pull/4291) Fixing json decode error on druiddatasourcemodelview/api/read (4291) (michellethomas)
- [4272](https://github.com/apache/incubator-superset/pull/4272) [geo] Add JS controls to remaining layers (4272) (hughhhh)
- [4261](https://github.com/apache/incubator-superset/pull/4261) Set point size control's default for deck_scatter viz (4261) (mistercrunch)
- [4270](https://github.com/apache/incubator-superset/pull/4270) deck_multi to pass down filters to layers (4270) (mistercrunch)
- [4275](https://github.com/apache/incubator-superset/pull/4275) Handle 'pd.Timestamp' when jsonifying (4275) (mistercrunch)
- [4276](https://github.com/apache/incubator-superset/pull/4276) Prevent FilterBox extra query (4276) (mistercrunch)
- [4277](https://github.com/apache/incubator-superset/pull/4277) Fix SUPERSET_WEBSERVER_TIMEOUT in VisualizeModal (4277) (mistercrunch)
- [4262](https://github.com/apache/incubator-superset/pull/4262) [geo] JS function to receive the whole data array instead of individual object (4262) (mistercrunch)
- [4265](https://github.com/apache/incubator-superset/pull/4265) Fix click on now in DateFilterControl (4265) (mistercrunch)
- [4273](https://github.com/apache/incubator-superset/pull/4273) [explore] fix empty query message in 'View Query' (4273) (mistercrunch)
- [4279](https://github.com/apache/incubator-superset/pull/4279) Always use fluid container for navbar. (4279) (xiaohanyu)
- [4108](https://github.com/apache/incubator-superset/pull/4108) [BUGFIX]: Check datatype of results before converting to DataFrame (4108) (marcusianlevine)
- [4243](https://github.com/apache/incubator-superset/pull/4243) Use json for imports and exports, not pickle (4243) (timifasubaa)
- [4251](https://github.com/apache/incubator-superset/pull/4251) Using a NullPool for external connections by default (4251) (mistercrunch)
- [4264](https://github.com/apache/incubator-superset/pull/4264) Set 'Range Filter' default to false (4264) (mistercrunch)
- [4268](https://github.com/apache/incubator-superset/pull/4268) Fix heatmap tooltip disappears under the slice's header (4268) (abotero)
- [4263](https://github.com/apache/incubator-superset/pull/4263) Bump flower==0.9.2 (4263) (mistercrunch)
- [4240](https://github.com/apache/incubator-superset/pull/4240) [cache] Fixing json.dumps for timestamp (4240) (john-bodley)
- [4246](https://github.com/apache/incubator-superset/pull/4246) [Sql Lab] Fix query results display at the bottom of screen (4246) (graceguo-supercat)
- [4244](https://github.com/apache/incubator-superset/pull/4244) [Sql Lab] Fix Autorefresh component pulling not stopped. (4244) (graceguo-supercat)
- [4237](https://github.com/apache/incubator-superset/pull/4237) Fix 'argument to reversed() must be a sequence' (4237) (mistercrunch)
- [4227](https://github.com/apache/incubator-superset/pull/4227) Added DeckGL.Polygon Layer w/ JS controls (4227) (hughhhh)
- [4235](https://github.com/apache/incubator-superset/pull/4235) remove setting spatial in DeckPathViz class (4235) (hughhhh)
- [4229](https://github.com/apache/incubator-superset/pull/4229) Don't cache if there's no cache key (4229) (michellethomas)
- [4234](https://github.com/apache/incubator-superset/pull/4234) add Ona as a user (4234) (pld)
- [4220](https://github.com/apache/incubator-superset/pull/4220) Improve deck.gl GeoJSON visualization (4220) (mistercrunch)
- [4221](https://github.com/apache/incubator-superset/pull/4221) [bugfix] time_pivot entry got missing in merge conflict (4221) (mistercrunch)
- [4225](https://github.com/apache/incubator-superset/pull/4225) [bugfix] markup and iframe viz raise 'Empty query' (4225) (mistercrunch)
- [4215](https://github.com/apache/incubator-superset/pull/4215) Fix tutorial doesn't match the current interface 4138 (4215) (zhaoyongjie)
- [4217](https://github.com/apache/incubator-superset/pull/4217) templates: open code and documentation on a new tab (4217) (xrmx)
- [4207](https://github.com/apache/incubator-superset/pull/4207) Adding limit to time_table viz to get druid query to work (4207) (michellethomas)
- [4202](https://github.com/apache/incubator-superset/pull/4202) [line chart] fix time shift color (4202) (mistercrunch)
- [4016](https://github.com/apache/incubator-superset/pull/4016) [cache] Using the query as the basis of the cache key (4016) (john-bodley)
- [4203](https://github.com/apache/incubator-superset/pull/4203) [druid] fix 2 phases queries that specify 'Sort By' on 'Series limit' (4203) (mistercrunch)
- [4200](https://github.com/apache/incubator-superset/pull/4200) [bugfix] dealing with DBAPIs that return unserilizable types (4200) (mistercrunch)
- [4134](https://github.com/apache/incubator-superset/pull/4134) [Geo] Added DeckGL Arc Layer and Refactor on BaseDeckGL class (4134) (hughhhh)
- [4126](https://github.com/apache/incubator-superset/pull/4126) Hanization (4126) (asdf2014)
- [4114](https://github.com/apache/incubator-superset/pull/4114) Superset was using undefined metrics for specifying limits (4114) (bolkedebruin)
- [4173](https://github.com/apache/incubator-superset/pull/4173) Using user-defined Javascript to customize geospatial visualization (4173) (mistercrunch)
- [4183](https://github.com/apache/incubator-superset/pull/4183) [datasource editor] click checkbox creates metrics instantly (4183) (mistercrunch)
- [4201](https://github.com/apache/incubator-superset/pull/4201) [explore] fix json highlighting for Druid queries (4201) (mistercrunch)
- [4186](https://github.com/apache/incubator-superset/pull/4186) Sort out dependencies in travis/tox (4186) (mistercrunch)
- [4184](https://github.com/apache/incubator-superset/pull/4184) Enable SQL syntax highlighting in View Query (4184) (betodealmeida)
- [4187](https://github.com/apache/incubator-superset/pull/4187) [annotations] Fixing migration for annotation layers (4187) (john-bodley)
- [4176](https://github.com/apache/incubator-superset/pull/4176) fix since or until is empty value 4170 (4176) (zhaoyongjie)
- [4182](https://github.com/apache/incubator-superset/pull/4182) Moving the custom_password_store out of Database class (4182) (fabianmenges)
- [4180](https://github.com/apache/incubator-superset/pull/4180) [security] Adding all derived FAB UserModelView views to admin only (4180) (john-bodley)
- [4101](https://github.com/apache/incubator-superset/pull/4101) Don't use fully qualified column names in metric definitions (4101) (mistercrunch)
- [4172](https://github.com/apache/incubator-superset/pull/4172) [FAB] configuring updating of permissions (4172) (john-bodley)
- [4164](https://github.com/apache/incubator-superset/pull/4164) Allow alpha role import csv (4164) (timifasubaa)
- [4147](https://github.com/apache/incubator-superset/pull/4147) Make Welcome page into a simple React app (4147) (mistercrunch)
- [4156](https://github.com/apache/incubator-superset/pull/4156) Fix chart rendering error in time series table (4156) (graceguo-supercat)
- [4157](https://github.com/apache/incubator-superset/pull/4157) [Bug] Closing change datasource modal throws JS error (4157) (graceguo-supercat)
- [4162](https://github.com/apache/incubator-superset/pull/4162) Check for non-None database before using. (4162) (atronchi)
- [4163](https://github.com/apache/incubator-superset/pull/4163) Druid support via SQLAlchemy (4163) (betodealmeida)
- [4125](https://github.com/apache/incubator-superset/pull/4125) Fix invaild gitter url (4125) (asdf2014)
- [4148](https://github.com/apache/incubator-superset/pull/4148) Adding Apache Kylin datasource for documentation (4148) (zhaoyongjie)
- [4143](https://github.com/apache/incubator-superset/pull/4143) Create DATA_DIR after importing config (4143) (leorochael)
- [4121](https://github.com/apache/incubator-superset/pull/4121) Fix USA's state geojson for 'Country Map' visualization (4121) (mistercrunch)
- [4139](https://github.com/apache/incubator-superset/pull/4139) fix variable name (4139) (timifasubaa)
- [4130](https://github.com/apache/incubator-superset/pull/4130) Remedy for dual axis annotation (4130) (Mogball)
- [4104](https://github.com/apache/incubator-superset/pull/4104) [explore] add datasource metadata (4104) (mistercrunch)
- [4135](https://github.com/apache/incubator-superset/pull/4135) better thumbnail for deck_geojson (4135) (hughhhh)
- [4124](https://github.com/apache/incubator-superset/pull/4124) Added guard statement for spatial controls (4124) (hughhhh)
- [4096](https://github.com/apache/incubator-superset/pull/4096) Multi layers DECK.GL visualization (4096) (mistercrunch)
- [4116](https://github.com/apache/incubator-superset/pull/4116) Fix rst grammar problems (4116) (asdf2014)
- [4118](https://github.com/apache/incubator-superset/pull/4118) Update UserInfo.jsx and set additional properties for react-gravatar (4118) (jpesculis)
- [4097](https://github.com/apache/incubator-superset/pull/4097) [geo] Added DeckGL GeoJson layer (4097) (hughhhh)
- [4076](https://github.com/apache/incubator-superset/pull/4076) Introduce Javascript controls (4076) (mistercrunch)
- [4042](https://github.com/apache/incubator-superset/pull/4042) [Bugfix] Issues with merge_extra_filters (4042) (4091) (nbonnotte)
- [3996](https://github.com/apache/incubator-superset/pull/3996) [sql lab] deeper support for templating (3996) (mistercrunch)
- [4067](https://github.com/apache/incubator-superset/pull/4067) [geo] add support for deck.gl's path layer (4067) (mistercrunch)
- [4090](https://github.com/apache/incubator-superset/pull/4090) Using TextAreaControl for WHERE and HAVING clause section (4090) (mistercrunch)
- [4071](https://github.com/apache/incubator-superset/pull/4071) Fix for SQL editor throwing can't deserialize google.cloud.bigquery._helpers.Row with BigQuery (4071) (kuriancheeramelil)
- [4089](https://github.com/apache/incubator-superset/pull/4089) Bugfix: Druid having filters are broken (4089) (fabianmenges)
- [4083](https://github.com/apache/incubator-superset/pull/4083) Event annotation should have min width (4083) (fabianmenges)
- [4082](https://github.com/apache/incubator-superset/pull/4082) [bugfix] iframe and markup are broken (4082) (mistercrunch)
- [4072](https://github.com/apache/incubator-superset/pull/4072) DB migration of annotation_layers on slice objects and slimming down annotation object. (4072) (fabianmenges)
- [4073](https://github.com/apache/incubator-superset/pull/4073) [Bugfix] Issues with table filtering (4073) (Mogball)
- [3530](https://github.com/apache/incubator-superset/pull/3530) [Feature] enhanced memoized on get_sqla_engine and other functions (3530) (Mogball)
- [3518](https://github.com/apache/incubator-superset/pull/3518) Full Annotation Framework (3518) (fabianmenges)
- [4065](https://github.com/apache/incubator-superset/pull/4065) 4058 Fix Oracle timestamps (Oracle "ORA-00907: missing right parenthesis" error) (4065) (nichobbs)
- [4066](https://github.com/apache/incubator-superset/pull/4066) [geo] turn off renderTrigger on viewport control (4066) (mistercrunch)
- [4062](https://github.com/apache/incubator-superset/pull/4062) [health] Adding DB check to /health (4062) (john-bodley)
- [4059](https://github.com/apache/incubator-superset/pull/4059) Adding rowcount label to explore view header (4059) (mistercrunch)
- [4032](https://github.com/apache/incubator-superset/pull/4032) [geo] provide more flexible Spatial controls (4032) (mistercrunch)
- [4063](https://github.com/apache/incubator-superset/pull/4063) Add db_engine_spec for Druid (4063) (mistercrunch)
- [4048](https://github.com/apache/incubator-superset/pull/4048) Bump dev version on trunk (4048) (mistercrunch)
- [4045](https://github.com/apache/incubator-superset/pull/4045) Changelog for 0.21.0 (4045) (mistercrunch)
- [4047](https://github.com/apache/incubator-superset/pull/4047) Fix the pypi build (4047) (mistercrunch)
- [4049](https://github.com/apache/incubator-superset/pull/4049) Change reference for slices to chart (4049) (hughhhh)

Resources

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8

- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): HIGH
- Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.5

- Access Vector (AV): NETWORK
- Access Complexity (AC): LOW
- Authentication (Au): NONE
- Confidentiality Impact (C): PARTIAL
- Integrity Impact (I): PARTIAL
- Availability Impact (A): PARTIAL