VYPR

Cube.js

by Ec Cube Co.,ltd.

Source repositories

CVEs (1)

  • CVE-2022-23510CriDec 9, 2022
    risk 0.55cvss 9.6epss 0.01

    cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised…

VYPR — Vulnerability Intelligence