CVE-2024-39887 | Apache Apache Superset up to 4.0.1 sql injection

Posted by Angelo Barbosa | Jul 16, 2024 | CVE

A vulnerability, which was classified as critical, was found in Apache Apache Superset up to 4.0.1. Affected is the function version/query_to_xml/inet_server_addr/inet_client_addr. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2024-39887. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39887 | Apache Apache Superset up to 4.0.1 sql injection

Related Posts

CVE-2024-30886 | HadSky 7.6.3 remotelink url cross site scripting (Issue 30)

CVE-2024-8665 | YITH Custom Login Plugin up to 1.7.3 on WordPress cross site scripting

CVE-2024-39736 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 HTTP Header Host http headers for scripting syntax (XFDB-296003)

CVE-2024-42348 | FOGproject FOG up to 1.5.10.41.2 Computer Registration command injection (GHSA-456c-4gw3-c9xw)