Apache Superset SQL Injection Vulnerability Bypassing Row Level Security

Vulnerability

A SQL injection vulnerability has been identified in Apache Superset versions prior to 4.1.2. This issue allows authenticated malicious actors to bypass row level security configurations by injecting SQL into 'sqlExpression' fields. Injected sub-queries can evade the parsing defenses, ultimately leading to unauthorized access to data.
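As an added illustration of the defensive principle at play (a strict allow-list grammar for row-level-security filter text instead of a keyword blacklist that a sub-query can slip past), here is a hypothetical validator. It is not Apache Superset's code or its 4.1.2 fix; the function name, the allowed keyword set and the column list are assumptions.

```python
import re

# Tokenizer for a deliberately restricted RLS filter grammar (hypothetical, not Superset's).
# Anything the grammar does not recognise (';', '--', '/*', a bare quote) fails to tokenize.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<str>'(?:[^']|'')*')
  | (?P<num>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op>=|<>|!=|<=|>=|<|>|,|\(|\))
""", re.VERBOSE)

# Only these words may appear as bare identifiers besides the allowed column names.
# SELECT, FROM, UNION, WHERE etc. are therefore rejected even inside parentheses.
ALLOWED_KEYWORDS = {"and", "or", "not", "in", "is", "null", "true", "false", "like"}


def validate_rls_expression(expr: str, allowed_columns: set[str]) -> list[str]:
    """Return a list of problems found in the filter text; an empty list means accepted."""
    problems: list[str] = []
    pos = 0
    depth = 0
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            problems.append(f"unexpected character {expr[pos]!r} at offset {pos}")
            break
        pos = m.end()
        if m.lastgroup == "ident":
            word = m.group().lower()
            if word in ALLOWED_KEYWORDS or word in allowed_columns:
                continue
            problems.append(f"identifier {m.group()!r} is not an allowed column or keyword")
        elif m.lastgroup == "op":
            if m.group() == "(":
                depth += 1
            elif m.group() == ")":
                depth -= 1
                if depth < 0:
                    problems.append("unbalanced ')'")
                    break
    if depth > 0:
        problems.append("unbalanced '('")
    return problems
```

Because the grammar only knows comparisons, boolean connectives and literals, a sub-query cannot be expressed in it at all; the validator reports the first foreign token rather than trying to recognise dangerous keywords.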

Impact

Exploitation of this vulnerability could result in improper authorization, allowing unauthorized access to data by bypassing row level security controls.

Remediation

Users are advised to upgrade to Apache Superset version 4.1.2 or later, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.