CVE-2021-41971
pypi/apache-superset
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Apache Superset up to and including when configured with ENABLETEMPLATEPROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
All versions up to 1.3.0
Upgrade to version 1.3.1 or above.
2021-10-25
source |