This page collects WhisperX intelligence signals tagged #blocklist-bypass. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A SQL injection vulnerability in Apache Superset's PostgreSQL query authorization layer could allow attackers to bypass intended security restrictions. Tracked as CVE-2024-39887, the flaw centers on missing functions—particularly query_to_xml—from Superset's DISALLOWED_SQL_FUNCTIONS blocklist, enabling certain dangerou...
A security gap in Apache Superset's PostgreSQL function blocklist exposes databases to potential data exfiltration and side-effect risks. The DISALLOWED_SQL_FUNCTIONS configuration—intended to prevent dangerous SQL operations—lacks coverage for several PostgreSQL functions capable of reading files, executing arbitrary ...