Vulnerability Description
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher, which addresses this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Superset | < 1.4.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/04/13/3 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6 (Broken Link)
- https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y (Broken Link)
FAQ
What is CVE-2022-27479?
CVE-2022-27479 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher, which addresses this issue.
How severe is CVE-2022-27479?
CVE-2022-27479 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-27479?
Yes. The issue is addressed in Apache Superset 1.4.2, and users should update to 1.4.2 or higher. Check the references section above for vendor advisories and patch information. Affected products include: Apache Superset.