10 matches found
CVE-2022-23510
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
EUVD-2022-7533
Malicious code in bioql PyPI...
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.30.83), @cubejs-backend-json-clone/server (=1.0.0) +16 more potentially affected by CVE-2023-50709 via @cubejs-backend/api-gateway (>=0.0.18 <=0.33.65)
@cubejs-backend/api-gateway NPM version =0.0.18, =0.30.77, =0.0.8, =0.0.7, =0.0.24, =0.10.0, =0.10.0, =0.32.28, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.32.0, =0.33.8 and more Source cves: CVE-2023-50709 Source advisory: OSV:GHSA-9759-3276-G2PM...
CVE-2022-23510
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
Design/Logic Flaw
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
CVE-2022-23510
The CVE-2022-23510 issue affects cube-js: all authenticated Cube clients could bypass SQL row-level security and execute arbitrary SQL via the /v1/sql-runner endpoint. Root cause: a newly introduced endpoint bypassed the modeling layer’s row-level security, enabling arbitrary queries against data...
CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
Cube.js SQL injection vulnerability
Cube.js is an open source analytics API platform developed by Cube.js in the United States. A SQL injection vulnerability exists in Cube.js versions prior to 0.31.24: all authenticated clients can bypass SQL row-level security and run arbitrary SQL via the newl...
PT-2022-16041 · Cube-Js · Cube-Js
Name of the Vulnerable Software and Affected Versions: cube-js version 0.31.23
Description: The issue concerns a headless business intelligence platform where all authenticated clients could bypass SQL row-level security and run arbitrary SQL via the /v1/sql-runner endpoint. This was resolved in...