CVE-2022-27479: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

April 13, 2022 (updated April 21, 2022)

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

References

www.openwall.com/lists/oss-security/2022/04/13/3
lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y
nvd.nist.gov/vuln/detail/CVE-2022-27479

Code Behaviors & Features

Detect and mitigate CVE-2022-27479 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →