Headline

GHSA-v594-2c97-hx38: Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

1 year ago

ghsa

Open in Source

#apache #git #auth

Apache Superset vulnerable to improper data authorization

Moderate severity GitHub Reviewed Published Sep 6, 2023 to the GitHub Advisory Database • Updated Sep 7, 2023

Related news

1 year ago

ghsa: Latest News

GHSA-fm76-w8jw-xf8m: @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source

17 hours ago

ghsa

GHSA-78p3-fwcq-62c2: @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings

19 hours ago

ghsa

GHSA-cfqx-f43m-vfh7: @saltcorn/server arbitrary file and directory listing when accessing build mobile app results

19 hours ago

ghsa

GHSA-277h-px4m-62q8: @saltcorn/server arbitrary file zip read and download when downloading auto backups

19 hours ago

ghsa

GHSA-5gc2-7c65-8fq8: async-graphql Directive Overload

20 hours ago

ghsa