apache-superset@1.2.0 vulnerabilities

A modern, enterprise-ready business intelligence web application

Direct Vulnerabilities

Known vulnerabilities in the apache-superset package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Information Exposure in the form of dataset metadata, including dataset name, columns, and metrics.

How to fix Information Exposure?

Upgrade apache-superset to version 1.5.1 or higher.

(,1.5.1)
  • C
SQL Injection

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to SQL Injection in chart data requests.

How to fix SQL Injection?

Upgrade apache-superset to version 1.4.2 or higher.

(,1.4.2)
  • M
Insufficiently Protected Credentials

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials which allows registered database connections password leak for authenticated users.

How to fix Insufficiently Protected Credentials?

Upgrade apache-superset to version 1.4.0 or higher.

(,1.4.0)
  • H
Improper Output Neutralization for Logs

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via HTTP endpoint which allowed for an authenticated user to forge log entries or inject malicious content into logs.

How to fix Improper Output Neutralization for Logs?

Upgrade apache-superset to version 1.3.2 or higher.

(,1.3.2)
  • M
Improper Output Neutralization for Logs

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via HTTP endpoint which allowed for an authenticated user to forge log entries or inject malicious content into logs.

How to fix Improper Output Neutralization for Logs?

Upgrade apache-superset to version 1.3.2 or higher.

(,1.3.2)
  • M
Insufficiently Protected Credentials

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials via database connections password leak for authenticated users.

How to fix Insufficiently Protected Credentials?

Upgrade apache-superset to version 1.3.2 or higher.

(,1.3.2)
  • M
SQL Injection

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to SQL Injection. When configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) it allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

How to fix SQL Injection?

Upgrade apache-superset to version 1.3.1 or higher.

(,1.3.1)