4 matches found
EUVD-2024-23429
Malicious code in bioql PyPI...
CVE-2024-28251
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...
CVE-2024-26148
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
Querybook Security Vulnerability
Querybook is an open source big data query UI for Pinterest. A security vulnerability exists in Querybook versions prior to 3.31.2 that stems from insufficient sanitization of inputs, leading to a cross-site scripting (XSS) vulnerability...