{"id":"PYSEC-2019-173","details":"In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab","aliases":["CVE-2019-12414","GHSA-9c29-9h4m-wg5p"],"modified":"2023-11-08T04:01:04.723320Z","published":"2019-12-16T22:15:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/396034aabe08dd349ff44eb062c718aadcf1b4e86f6372c7d5e988c0%40%3Cdev.superset.apache.org%3E"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9c29-9h4m-wg5p"}],"affected":[{"package":{"name":"apache-superset","ecosystem":"PyPI","purl":"pkg:pypi/apache-superset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.32"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-superset/PYSEC-2019-173.yaml"}}],"schema_version":"1.7.3"}