EPSS Percentile: 29.5%
apache-superset is vulnerable to SQL injection. The vulnerability allows an attacker to inject and execute arbitrary SQL statements using invalid column names in groupby, columns, filters, or metrics queries.
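One way to close this class of bug is to accept a column reference only when it exactly matches a column or saved metric the dataset already defines. The sketch below is an added example, not Superset's code or the referenced commit; the query dictionary shape, the function names, and the sample dataset are assumptions made for illustration.

```python
# Added example: allowlist check for the four query fields named in the advisory.
# The query shape and every name here are assumptions, not Superset's API.

class InvalidColumnError(ValueError):
    """Raised when a query references a name the dataset does not define."""

def referenced_names(query):
    """Yield (kind, name) for each column or metric the query refers to."""
    for field in ("groupby", "columns"):
        for name in query.get(field, []):
            yield "column", name
    for flt in query.get("filters", []):
        yield "column", flt.get("col")
    for metric in query.get("metrics", []):
        if isinstance(metric, dict):
            # Ad-hoc metric: an aggregate over a named column.
            yield "column", metric.get("column")
        else:
            # Saved metric: referenced by its name.
            yield "metric", metric

def validate_query(query, dataset_columns, dataset_metrics):
    """Return the query unchanged, or raise if any name is not an exact match."""
    allowed = {"column": dataset_columns, "metric": dataset_metrics}
    bad = [name for kind, name in referenced_names(query)
           if not isinstance(name, str) or name not in allowed[kind]]
    if bad:
        raise InvalidColumnError(f"unknown column or metric: {bad!r}")
    return query

def is_valid(query, dataset_columns, dataset_metrics):
    try:
        validate_query(query, dataset_columns, dataset_metrics)
        return True
    except InvalidColumnError:
        return False

# Constructed sample data.
COLUMNS = frozenset({"country", "year", "sales"})
METRICS = frozenset({"count"})
GOOD = {"groupby": ["country"], "columns": ["year"],
        "filters": [{"col": "year", "op": ">", "val": 2015}],
        "metrics": ["count", {"aggregate": "SUM", "column": "sales"}]}
# Same query, but one groupby entry is an expression rather than a column name.
BAD = dict(GOOD, groupby=["country || 'x'"])

if __name__ == "__main__":
    print(is_valid(GOOD, COLUMNS, METRICS), is_valid(BAD, COLUMNS, METRICS))
```

The check runs before any SQL is assembled, so a rejected name never reaches the query builder.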
github.com/apache/incubator-superset/commit/465572325b6c880b81189a94a27417bbb592f540
lists.apache.org/thread.html/rf1faa368f580d2cb691576bee1277855f769667f3114d5df1dacbea6%40%3Cdev.superset.apache.org%3E
seclists.org/oss-sec/2020/q3/203