iop
/
superset
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: CVEs fixed on 4.1.0 (#31352)

This commit is contained in:
Daniel Vaz Gaspar 2024-12-09 16:54:28 +00:00 committed by GitHub
parent 0133bab038
commit ae8c6865c9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/docs/security/cves.mdx
View File

@ -2,6 +2,14 @@
title: CVEs fixed by release
sidebar_position: 2
---
#### Version 4.1.0
| CVE | Title | Affected |
|:---------------|:-----------------------------------------------------------------------------------|---------:|
| CVE-2024-53947 | Improper SQL authorisation, parse for specific postgres functions | < 4.1.0 |
| CVE-2024-53948 | Error verbosity exposes metadata in analytics databases | < 4.1.0 |
| CVE-2024-53949 | Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | < 4.1.0 |
#### Version 4.0.2
| CVE | Title | Affected |