CVE-2024-39887 | Apache Apache Superset up to 4.0.1 sql injection

Posted by Angelo Barbosa | Jul 16, 2024 | CVE

A vulnerability, which was classified as critical, was found in Apache Apache Superset up to 4.0.1. Affected is the function version/query_to_xml/inet_server_addr/inet_client_addr. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2024-39887. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39887 | Apache Apache Superset up to 4.0.1 sql injection

Related Posts

CVE-2024-46903 | Trend Micro Deep Discovery Inspector sql injection (ZDI-24-1228)

CVE-2021-47449 | Linux Kernel up to 5.14.13 kernel/locking/mutex.c in_atomic deadlock (61616be89997/4d4a223a86af)

CVE-2024-25099 | David de Boer Paytium Plugin up to 4.4.2 on WordPress cross site scripting

CVE-2023-50901 | HasThemes HT Mega Plugin up to 2.3.8 on WordPress cross site scripting