漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Superset: Metadata exposure in embedded charts
Vulnerability Description
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Apache Superset 信息泄露漏洞
Vulnerability Description
Apache Superset是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。 Apache Superset 4.1.3之前版本存在信息泄露漏洞,该漏洞源于/chart/data端点响应包含底层查询信息,可能导致数据库架构信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A