9 matches found
CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
EUVD-2024-49318
Malicious code in bioql PyPI...
BIT-GITLAB-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...
CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...
CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...
CVE-2024-8640 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server...
CVE-2024-8640
Removed by vendor...
CVE-2024-8640
CVE-2024-8640 affects GitLab Enterprise Edition (GitLab EE): all versions from 16.11 up to but not including 17.1.7; 17.2.x up to 17.2.5; and 17.3.x up to 17.3.2. The root cause is incomplete input filtering that enables command injection into a connected Cube server. Impact is high: confidentiality...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE, which stems from incomplete inpu...