CVE-2021-41971

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pypi/apache-superset

Identifiers

CVE-2021-41971

Package Slug

pypi/apache-superset

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL.

Affected Versions

All versions up to 1.3.0

Solution

Upgrade to version 1.3.1 or above.

Last Modified

2021-10-25
