CVE-2022-27479: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
(updated )
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
References
Detect and mitigate CVE-2022-27479 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →