1. Apache Superset Reverts MariaDB Security Patch, Reintroducing Arbitrary File Read Vulnerability CVE-2024-34693
A critical security fix addressing CVE-2024-34693 has been removed from Apache Superset, restoring a vulnerability that allows authenticated users to read arbitrary files from MariaDB servers. The revert strips away local_infile connection parameter restrictions from MariaDBEngineSpec, enabling LOAD DATA LOCAL INFILE t...