CVE-2022-27479

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 1.4.2

Description The issue is related to a lack of validation of XML object sequences, which can be exploited by a remote attacker to conduct SQL injection attacks. This can occur in chart data requests. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 1.4.2, update to version 1.4.2 or higher to address the issue. As a temporary workaround, consider restricting access to chart data requests until the update is applied.