River Koh

**Name of the Vulnerable Software and Affected Versions** Apache Superset versions prior to 6.0.0 **Description** An improper authorization issue exists in Apache Superset that allows a low-privileged user to bypass data access controls. Specifically, an authenticated attacker with permissions to write datasets and read charts can bypass permission checks by overwriting the SQL query of an existing dataset when creating a dataset. This allows unauthorized data access. **Recommendations** Upgrade to version 6.0.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Access point (affected versions not specified) **Description** Successful exploitation of the issue could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.