Apache · Apache Superset · CVE-2023-49736
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions prior to 2.1.2
Apache Superset versions 3.0.0 through 3.0.1
**Description**
The `where_in` Jinja macro allows users to specify a quote, which, combined with a carefully crafted statement, would allow for SQL injection in Apache Superset.
**Recommendations**
For Apache Superset versions prior to 2.1.2, upgrade to version 2.1.2 or later.
For Apache Superset versions 3.0.0 through 3.0.1, upgrade to version 3.0.2.