apache-superset@1.3.2 vulnerabilities

A modern, enterprise-ready business intelligence web application

Direct Vulnerabilities

Known vulnerabilities in the apache-superset package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Information Exposure in the form of dataset metadata, including dataset name, columns, and metrics.

How to fix Information Exposure?

Upgrade apache-superset to version 1.5.1 or higher.

(,1.5.1)
  • C
SQL Injection

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to SQL Injection in chart data requests.

How to fix SQL Injection?

Upgrade apache-superset to version 1.4.2 or higher.

(,1.4.2)
  • M
Insufficiently Protected Credentials

apache-superset is a modern, enterprise-ready business intelligence web application.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials which allows registered database connections password leak for authenticated users.

How to fix Insufficiently Protected Credentials?

Upgrade apache-superset to version 1.4.0 or higher.

(,1.4.0)