CVE-2021-37839 Information

Description

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name columns and metrics.

Reference

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82