CVE-2024-24773 Information

Description

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, and from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1, which fixes the issue.

Reference

https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501
http://www.openwall.com/lists/oss-security/2024/02/28/4
