Apache · Apache Superset · CVE-2024-24773
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions prior to 3.0.4
Apache Superset version 3.1.0
**Description**
Improper parsing of nested SQL statements in SQLLab allows authenticated users to exceed their data authorization scope.
**Recommendations**
For Apache Superset versions prior to 3.0.4, upgrade to version 3.1.1.
For Apache Superset version 3.1.0, upgrade to version 3.1.1.