PT-2022-10673 · Apache · Apache Superset

Dinesh · Published 2022-07-06 · Updated 2025-02-05 · CVE-2021-37839

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Superset versions up to 1.5.1

Description

The issue allows authenticated users to access metadata information related to datasets they have no permission on. This metadata includes the dataset name, columns, and metrics.

Recommendations

For Apache Superset versions up to 1.5.1, update to a version later than 1.5.1 to resolve the issue. As a temporary workaround, consider restricting access to metadata information for authenticated users until a patch is available.

Related Identifiers

BIT-SUPERSET-2021-37839
CVE-2021-37839
GHSA-748R-5R8Q-273M

Affected Products

Apache Superset