-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| apache-superset | pip | <= 2.1.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper authorization checks during Jinja template processing in SQL queries. Key functions involved in query execution and templating (SqlaTable.get_sqla_query and execute_sql) are likely vulnerable because they handle user-inputted templates without sufficient post-rendering validation. These functions would normally be responsible for applying dataset-level permissions, but the Jinja context may allow attackers to bypass checks by manipulating template variables that reference unauthorized tables.
PythonPythonOngoing coverage of React2Shell