High severity · NVD Advisory · Published Oct 18, 2021 · Updated Aug 4, 2024
Possible SQL Injection when template processing is enabled
CVE-2021-41971
Description
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-superset (PyPI) | < 1.3.1 | 1.3.1 |
Affected products
- osv-coords (2 versions): < 1.3.1, + 1 more
- (no CPE) range: < 1.3.1
- (no CPE) range: < 1.3.1
References
- github.com/advisories/GHSA-pg8m-4p8j-2p56 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-41971 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-378.yaml (ghsa, WEB)
- lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E (ghsa, x_refsource_MISC, WEB)