Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

Affected Packages

PyPI apache-superset

Affected versions: 0 (last affected: 2.1.0)

Related CVEs

CVE-2023-27523

Key Information

GHSA ID

GHSA-v594-2c97-hx38

Published

September 6, 2023 3:30 PM

Last Modified

September 7, 2023 1:59 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-superset

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.