Apache · Apache Superset · CVE-2024-55633
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions prior to 4.1.0
**Description**
The issue is an improper authorization flaw in Apache Superset that specifically affects Postgres analytics database connections. An attacker with access to SQL Lab can craft a SQL DML statement that Superset incorrectly classifies as a read-only query, so the statement is allowed to execute and can give the attacker unauthorized write access to the analytics database. Non-Postgres analytics database connections, and Postgres analytics database connections configured with a read-only database user, are not vulnerable.
**Recommendations**
To resolve the issue, users are recommended to upgrade to version 4.1.0, which fixes the problem. As a temporary workaround, restrict access to SQL Lab or configure Postgres analytics database connections with a read-only database user so that a misclassified DML statement cannot modify data, reducing the risk of exploitation.
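The following is an added example, not part of the original advisory and not Apache Superset's own code, showing one way to provision the read-only Postgres user that the workaround above relies on. The role name `superset_ro`, the database name `analytics` and the schema name `public` are assumptions; substitute your own.

```sql
-- Assumed names: role superset_ro, database analytics, schema public.
-- Run as a superuser or the database owner.

-- 1. A login role with no inherent write capability.
CREATE ROLE superset_ro LOGIN PASSWORD 'replace-with-a-strong-secret'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- 2. Grant only what a dashboard/query user needs: connect, see the schema, read tables.
GRANT CONNECT ON DATABASE analytics TO superset_ro;
GRANT USAGE ON SCHEMA public TO superset_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO superset_ro;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO superset_ro;

-- 3. Make sure tables created later are also read-only for this role.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO superset_ro;

-- 4. Defence in depth: every session from this role starts read-only.
--    This is a convenience setting, not an access control on its own (see note).
ALTER ROLE superset_ro SET default_transaction_read_only = on;

-- 5. Verify: the role must have no INSERT/UPDATE/DELETE privilege on any table.
--    Expect zero rows from this query.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'superset_ro'
  AND privilege_type IN ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');
```

Point the Superset database connection at `superset_ro` instead of an owner or superuser account. The privilege grants are the real control: a DML statement that slips past Superset's read-only classification is then rejected by Postgres with a permission error. `default_transaction_read_only` is only a secondary guard, because a session can switch itself back to read-write with `SET TRANSACTION READ WRITE`; do not rely on it alone.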