3 matches found
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.30.83), @cubejs-backend-json-clone/server (=1.0.0) +16 more potentially affected by CVE-2023-50709 via @cubejs-backend/api-gateway (>=0.0.18 <=0.33.65)
@cubejs-backend/api-gateway NPM version =0.0.18, =0.30.77, =0.0.8, =0.0.7, =0.0.24, =0.10.0, =0.10.0, =0.32.28, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.32.0, =0.33.8 and more Source cves: CVE-2023-50709 Source advisory: OSV:GHSA-9759-3276-G2PM...
CVE-2023-50709 Denial of service attack on the cube-api endpoint
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...
CVE-2023-50709 Denial of service attack on the cube-api endpoint
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...