SQL Injection Vulnerability in Apache Superset 1.3.0

CVE-2021-41971 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.