漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Superset: SQLLab Read-Only Bypass on PostgreSQL
Vulnerability Description
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Apache Superset 安全漏洞
Vulnerability Description
Apache Superset是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。 Apache Superset 6.0.0之前版本存在安全漏洞,该漏洞源于输入验证不当,使用PostgreSQL数据库连接时,具有SQLLab访问权限的经过身份验证的用户可绕过只读验证检查。
CVSS Information
N/A
Vulnerability Type
N/A