Medium
Apache Superset is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the chart data API, which could allow the attacker to view, add, modify or delete information in the back-end database.
Data Manipulation
CVE-2022-27479
Apache
Apache Superset 1.4.1
Refer to the vendor website for patches, upgrades, and workarounds here: