BIT-superset-2022-27479

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/superset/BIT-superset-2022-27479.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-superset-2022-27479

Aliases

CVE-2022-27479
GHSA-wh73-hpcg-v32j
PYSEC-2022-188

Published

2025-02-05T07:29:25.394Z

Modified

2025-05-20T10:02:07.006Z

Summary

SQL injection vulnerability in chart data API

Details

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

http://www.openwall.com/lists/oss-security/2022/04/13/3
https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y
https://nvd.nist.gov/vuln/detail/CVE-2022-27479

Affected packages

Bitnami / superset

Package

Name: superset
Purl: pkg:bitnami/superset

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.2