VYPR
Medium severity5.6NVD Advisory· Published Mar 14, 2024· Updated Jun 17, 2026

CVE-2024-28251

CVE-2024-28251

Description

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pinterest/Querybookllm-fuzzy2 versions
    >=3.32.0+ 1 more
    • (no CPE)range: >=3.32.0
    • (no CPE)range: < 3.32.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.