This page collects WhisperX intelligence signals tagged #read-only bypass. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A GitHub pull request has been opened to revert the patch addressing CVE-2024-55633 in Apache Superset's SQLLab, effectively reintroducing a security vulnerability that allows crafted DML statements to bypass read-only restrictions on PostgreSQL databases. The revert removes EXPLAIN ANALYZE DML detection logic, potenti...
A critical Improper Authorization vulnerability in Apache Superset's SQLLab feature allows authenticated users to execute write operations on Postgres analytic databases that should be restricted to read-only access. The flaw stems from improper validation of SQL DML statements, enabling specially crafted queries to by...