CVE-2022-41703: 
Python vulnerability analysis and mitigation

A critical-severity SQL injection vulnerability was discovered in the SQL Alchemy connector of Apache Superset, identified as CVE-2022-41703. The vulnerability affects Apache Superset versions 1.5.2 and prior versions, as well as version 2.0.0. The issue allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields, potentially accessing tables they shouldn't have permission to, even when the 'ALLOWADHOCSUBQUERY' feature flag is disabled (Security Online).

The vulnerability specifically impacts the SQL Alchemy connector component of Apache Superset, allowing unauthorized subquery additions to WHERE and HAVING fields. This bypass works even when the 'ALLOWADHOCSUBQUERY' feature flag is set to its default disabled state. The vulnerability was assigned a critical severity rating, indicating its serious nature and potential impact on system security (NVD).

The vulnerability enables authenticated users with read access to potentially access unauthorized tables within the same database, effectively bypassing intended access controls. This could lead to unauthorized data access and potential exposure of sensitive information (Security Online).

The vulnerability was addressed with the release of Apache Superset versions 1.5.3 and 2.0.1. No temporary workarounds were made available, and users were strongly advised to install the updates as soon as possible due to the critical nature of the vulnerability (Security Online).