PyPi: Apache-Superset

CVE-2024-34693

Safety vulnerability ID: 71840

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 20, 2024 Updated at Apr 01, 2025

Scan your Python projects for vulnerabilities →

Advisory

An Improper Input Validation vulnerability in Apache Superset allows an authenticated attacker to establish a MariaDB connection with the local_infile option enabled. If both the MariaDB server (which has this feature disabled by default) and the local MySQL client on the web server are configured to allow local infile, the attacker can execute a specific SQL command to read files from the server and insert their contents into a MariaDB database table.

Affected package

apache-superset

Latest version: 4.1.2

A modern, enterprise-ready business intelligence web application

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Availability (A): NONE