1. Apache Superset CVE-2024-39887: PostgreSQL Blocklist Gap Enables SQL Restriction Bypass
A SQL injection vulnerability in Apache Superset's PostgreSQL query authorization layer could allow attackers to bypass intended security restrictions. Tracked as CVE-2024-39887, the flaw centers on missing functions—particularly query_to_xml—from Superset's DISALLOWED_SQL_FUNCTIONS blocklist, enabling certain dangerou...