npm package
@cubejs-backend/api-gateway
pkg:npm/%40cubejs-backend/api-gateway
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50709 | — | < 0.34.34 | 0.34.34 | Dec 13, 2023 | Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users | ||
| CVE-2022-23510 | — | >= 0.31.23, < 0.31.24 | 0.31.24 | Dec 9, 2022 | cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised t |
- CVE-2023-50709Dec 13, 2023affected < 0.34.34fixed 0.34.34
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users
- CVE-2022-23510Dec 9, 2022affected >= 0.31.23, < 0.31.24fixed 0.31.24
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised t