Safety vulnerability ID: 72252
The information on this page was manually curated by our Cybersecurity Intelligence Team.
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows using the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.
Latest version: 4.1.1
A modern, enterprise-ready business intelligence web application
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application