GHSA-9VPH-2HVM-X66G Cube Core is vulnerable to Denial of Service (DoS) via crafted request

Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...

Cube Core is vulnerable to Denial of Service (DoS) via crafted request

Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...

Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: ≥= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

GHSA-V226-32C7-X2V7 Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: ≥= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...