CVE-2022-27479

CWE-89: SQL Injection
5 documents, 4 sources

Severity: 9.8 CRITICAL
EPSS: 4.3% (top 11.08%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 13
Latest update: Apr 14

Description

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher, which addresses this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: apache/superset < 1.4.2
PyPI: apache-superset < 1.4.2
CVEListV5: apache_software_foundation/apache_superset unspecified 1.4.2

🔴 Vulnerability Details (4)

OSV: SQL injection in apache-superset (2022-04-14)
GHSA: SQL injection in apache-superset (2022-04-14)
CVEList: SQL injection vulnerability in chart data API (2022-04-13)
OSV: CVE-2022-27479: Apache Superset before 1 (2022-04-13)