Safety vulnerability ID: 76390
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: querytoxmlandxmlschema, tabletoxml, tabletoxmlandxmlschema.
Latest version: 4.1.2
A modern, enterprise-ready business intelligence web application
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application