{"cve":{"cve_id":"CVE-2024-27315","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00969,"epss_percentile":0.5728,"epss_as_of":"2026-06-23","description":"An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","published_at":"2024-02-28T10:06:48.685000Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-209"],"nvd_references":["https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:54:51.652410Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-superset","product_name":"Apache Superset","version_start":"0","version_start_inclusive":true,"version_end":"3.0.4","version_end_inclusive":false,"cpe23_uri":"cve5:apache-software-foundation:apache-superset:0:3.0.4"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-superset","product_name":"Apache Superset","version_start":"3.1.0","version_start_inclusive":true,"version_end":"3.1.1","version_end_inclusive":false,"cpe23_uri":"cve5:apache-software-foundation:apache-superset:3.1.0:3.1.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2024-02-28T10:06:48.685000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"}]}