Apache Superset is a modern, enterprise-class business intelligence Web application. a SQL injection vulnerability exists in Apache Superset 1.3.0 and earlier versions when ENABLE_TEMPLATE_PROCESSING is enabled. An authenticated attacker can exploit this vulnerability to conduct SQL injection attacks by sending an http request with a custom URL.