CVE-2021-41971
published 2021-10-18
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | <= 1.3.0 | — |
| apache_software_foundation | apache_superset | < 1.3.1 | 1.3.1 |