Apache · Apache Superset · CVE-2024-24772
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions prior to 3.0.4
Apache Superset version 3.1.0
**Description**
A guest user could exploit a chart data REST API and send arbitrary SQL statements that, on error, could leak information from the underlying analytics database.
**Recommendations**
For Apache Superset versions prior to 3.0.4, upgrade to version 3.0.4.
For Apache Superset version 3.1.0, upgrade to version 3.1.1.