{"id":"PYSEC-2019-172","details":"In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.","aliases":["CVE-2019-12413","GHSA-p5w7-qmq6-pmjr"],"modified":"2023-11-08T04:01:04.661376Z","published":"2019-12-16T22:15:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/85ab04f8c52df8c353ecfa0ecd2ff27fc07fb8ab7566a754349806be%40%3Cdev.superset.apache.org%3E"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p5w7-qmq6-pmjr"}],"affected":[{"package":{"name":"apache-superset","ecosystem":"PyPI","purl":"pkg:pypi/apache-superset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.31"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-superset/PYSEC-2019-172.yaml"}}],"schema_version":"1.7.3"}