You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
Impact
What kind of vulnerability is it? Who is impacted?
Patches
Has the problem been patched? What versions should users upgrade to?
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
Packages Affected versions Patched versions
apache-superset (pip) < 0.31.0 0.31.0
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-12413
https://lists.apache.org/thread.html/85ab04f8c52df8c353ecfa0ecd2ff27fc07fb8ab7566a754349806be%40%3Cdev.superset.apache.org%3E
more info:
https://github.com/ruzyysmartt /pragma-solidity-repository
©GitHub. 2020