We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.
Reserved 2024-12-09 | Published 2024-12-12 | Updated 2024-12-12 | Assigner apacheCWE-285 Improper Authorization
Beto de Almeida
Daniel Gaspar
James Ford (Striveworks)
lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb
Support options