Upgrade apache-superset to version 4.1.0rc2 or higher.
apache-superset is a modern, enterprise-ready business intelligence web application.
Affected versions of this package are vulnerable to Improper Authorization through the SQLLab component. An attacker can execute unauthorized write operations by crafting a specially designed SQL DML statement that is incorrectly identified as a read-only query.
Note: This is only exploitable if the database connection is not configured with a read-only user.
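The note matters because a read-only database account rejects the write at the database, whatever the application decided about the statement. The following is an added illustration, not Superset code and not part of the advisory: SQLite has no user accounts, so a connection opened with `mode=ro` stands in for a read-only user, and the table, statement and function names are constructed.

```python
import os
import sqlite3
import tempfile

# Constructed statement: stands in for any write that the application layer
# wrongly classified as read-only and passed through to the database.
MISCLASSIFIED_WRITE = "INSERT INTO accounts (name) VALUES ('added-by-sqllab')"


def make_sample_db() -> str:
    """Create a throwaway SQLite file with one table and one row."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE accounts (name TEXT)")
    con.execute("INSERT INTO accounts VALUES ('original')")
    con.commit()
    con.close()
    return path


def run_as(path: str, read_only: bool, sql: str) -> str:
    """Run sql on a read-only or read-write connection and report the outcome."""
    uri = f"file:{path}?mode={'ro' if read_only else 'rw'}"
    con = sqlite3.connect(uri, uri=True)
    try:
        con.execute(sql)
        con.commit()
        return "write applied"
    except sqlite3.OperationalError as exc:
        # The database itself refuses; no application-side check is involved.
        return f"rejected by database: {exc}"
    finally:
        con.close()


def row_count(path: str) -> int:
    """Count rows through a read-only connection."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return con.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]
    finally:
        con.close()


if __name__ == "__main__":
    db = make_sample_db()
    print("read-only :", run_as(db, True, MISCLASSIFIED_WRITE), row_count(db))
    print("read-write:", run_as(db, False, MISCLASSIFIED_WRITE), row_count(db))
    os.remove(db)
```

On a real deployment the equivalent control is the privilege set of the account in the Superset database connection, which should hold read privileges only.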