Critical severity · NVD Advisory · Published Apr 13, 2022 · Updated Aug 3, 2024
SQL injection vulnerability in chart data API
CVE-2022-27479
Description
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-superset (PyPI) | < 1.4.2 | 1.4.2 |
Affected products
- osv-coords: 2 versions (< 1.4.2, + 1 more)
- (no CPE), range: < 1.4.2
- (no CPE), range: < 1.4.2
References
- github.com/advisories/GHSA-wh73-hpcg-v32j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-27479 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/04/13/3 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml (ghsa, WEB)
- lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6 (ghsa, x_refsource_MISC, WEB)
- lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y (ghsa, x_refsource_MISC, WEB)