CVE-2022-27479

Sažetak

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

Reference

https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y
http://www.openwall.com/lists/oss-security/2022/04/13/3

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

21-04-2022 - 02:42

Objavljeno

13-04-2022 - 19:15