{"id":"PYSEC-2026-1185","summary":"Apache Superset: Improper Neutralization of custom SQL on embedded context","details":"A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","aliases":["BIT-superset-2024-24772","CVE-2024-24772","GHSA-m6jm-3v38-76j4"],"modified":"2026-07-07T17:56:59.101968968Z","published":"2026-07-07T11:45:33.156812Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772"},{"type":"PACKAGE","url":"https://github.com/apache/superset"},{"type":"WEB","url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/02/28/5"},{"type":"PACKAGE","url":"https://pypi.org/project/apache-superset"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4"}],"affected":[{"package":{"name":"apache-superset","ecosystem":"PyPI","purl":"pkg:pypi/apache-superset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.4"},{"introduced":"3.1.0"},{"fixed":"3.1.1"}]}],"versions":["0.34.0","0.34.1","0.35.1","0.35.2","0.36.0","0.37.0","0.37.1","0.37.2","0.38.0","0.38.1","1.0.0","1.0.1","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.5.2","1.5.3","2.0.0","2.0.1","2.1.0","2.1.1","2.1.1rc1","2.1.1rc2","2.1.1rc3","2.1.2","2.1.3","3.0.0","3.0.0rc1","3.0.0rc2","3.0.0rc3","3.0.0rc4","3.0.1","3.0.2","3.0.3","3.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-superset/PYSEC-2026-1185.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}