10 matches found
CVE-2022-23510
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
EUVD-2022-7533
Malicious code in bioql PyPI...
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.30.83), @cubejs-backend-json-clone/server (=1.0.0) +17 more potentially affected by CVE-2023-50709 via @cubejs-backend/api-gateway (>=0.0.18 <=0.33.65)
@cubejs-backend/api-gateway NPM version =0.0.18, =0.30.77, =0.0.8, =0.0.7, =0.0.24, =0.10.0, =0.10.0, =0.32.28, =0.33.43, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.30.64 and more Source cves: CVE-2023-50709 Source advisory: OSV:GHSA-9759-3276-G2PM...
CVE-2022-23510
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
Design/Logic Flaw
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
CVE-2022-23510
The CVE-2022-23510 issue affects cube-js: all authenticated Cube clients could bypass SQL row-level security and execute arbitrary SQL via the /v1/sql-runner endpoint. Root cause: a newly introduced endpoint bypassed the modeling layer’s row-level security, enabling arbitrary queries against data...
PT-2022-16041 · Cube-Js · Cube-Js
Name of the Vulnerable Software and Affected Versions: cube-js version 0.31.23 Description: The issue concerns a headless business intelligence platform where all authenticated clients could bypass SQL row-level security and run arbitrary SQL via the /v1/sql-runner endpoint. This was resolved in...
Cube.js SQL Injection Vulnerability
Cube.js is an open source analytics API platform developed by Cube.js in the United States. A SQL injection vulnerability exists in Cube.js versions prior to 0.31.24 because all authenticated clients can bypass SQL row-level security and run arbitrary SQL via the newl...