CVE-2022-27479

Published: Apr 13, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Superset	affected `unspecified - < 1.4.2`

Weaknesses (CWE)

CWE-89

References

https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6

x_refsource_MISC

https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y

x_refsource_MISC

[oss-security] 20220413 CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-27479

Description

Affected Products

Weaknesses (CWE)

References