13 matches found
CVE-2026-25957
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
Improper Handling of Exceptional Conditions
Overview @cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the Cube API endpoint. An attacker can cause the server to crash and make the API unavailable by sending ...
CVE-2026-25957
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
CVE-2026-25957
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
EUVD-2023-3170
Malicious code in bioql PyPI...
CVE-2023-50709
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...
Cube API denial of service attack
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Patches The issue has been patched in the v0.34.34 and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent...
GHSA-9759-3276-G2PM Cube API denial of service attack
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Patches The issue has been patched in the v0.34.34 and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent...
CVE-2023-50709
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...
CVE-2023-50709 Denial of service attack on the cube-api endpoint
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...
CVE-2023-50709 Denial of service attack on the cube-api endpoint
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...
CVE-2023-50709 Denial of service attack on the cube-api endpoint
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...