Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/09/04 07:32:16 UTC

[GitHub] [incubator-superset] kpchennai opened a new issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

kpchennai opened a new issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791


   A clear and concise description of what the bug is.
   
   ### Expected results
   
   what you expected to happen.
   
   ### Actual results
   
   what actually happens.
   
   #### Screenshots
   
   If applicable, add screenshots to help explain your problem.
   
   #### How to reproduce the bug
   
   1. Go to '...'
   2. Click on '....'
   3. Scroll down to '....'
   4. See error
   
   ### Environment
   
   (please complete the following information):
   
   - superset version: `superset version`
   - python version: `python --version`
   - node.js version: `node -v`
   - npm version: `npm -v`
   
   ### Checklist
   
   Make sure these boxes are checked before submitting your issue - thank you!
   
   - [ ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [ ] I have reproduced the issue with at least the latest released version of superset.
   - [ ] I have checked the issue tracker for the same issue and I haven't found one similar.
   
   ### Additional context
   
   Add any other context about the problem here.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [incubator-superset] willbarrett edited a comment on issue #10791: SQL Injection

Posted by GitBox <gi...@apache.org>.
willbarrett edited a comment on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-687428691


   @kpchennai if you have indeed discovered a vulnerability in Superset, please email information on the vulnerability to security@apache.org rather than disclosing it publicly. This will notify the project PMC members of the vulnerability and allow us to cut a new release with a security fix before publicly disclosing the vulnerability as a CVE.




[GitHub] [incubator-superset] willbarrett closed issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
willbarrett closed issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791


   




[GitHub] [incubator-superset] willbarrett commented on issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
willbarrett commented on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-687428691


   @kpchennai if you have indeed discovered a vulnerability in Superset, please email information on the vulnerability to private@superset.apache.org rather than disclosing it publicly. This will notify the project PMC members of the vulnerability and allow us to cut a new release with a security fix before publicly disclosing the vulnerability as a CVE.




[GitHub] [incubator-superset] kpchennai commented on issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
kpchennai commented on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-687586269


   @willbarrett Thanks for the info, will do the same




[GitHub] [incubator-superset] dpgaspar commented on issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
dpgaspar commented on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-687134986


   @kpchennai please fill out the issue template




[GitHub] [incubator-superset] issue-label-bot[bot] commented on issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
issue-label-bot[bot] commented on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-686970015


   Issue-Label Bot is automatically applying the label `#bug` to this issue, with a confidence of 0.90. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback! 
   
    Links: [app homepage](https://github.com/marketplace/issue-label-bot), [dashboard](https://mlbot.net/data/apache/incubator-superset) and [code](https://github.com/hamelsmu/MLapp) for this bot.




[GitHub] [incubator-superset] willbarrett edited a comment on issue #10791: SQL Injection - High Severity - A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database

Posted by GitBox <gi...@apache.org>.
willbarrett edited a comment on issue #10791:
URL: https://github.com/apache/incubator-superset/issues/10791#issuecomment-687428691


   @kpchennai if you have indeed discovered a vulnerability in Superset, please email information on the vulnerability to security@superset.apache.org rather than disclosing it publicly. This will notify the project PMC members of the vulnerability and allow us to cut a new release with a security fix before publicly disclosing the vulnerability as a CVE.

