Lucene search

K

Cube-js Security Vulnerabilities

cve
cve

CVE-2023-50709

Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs.....

7.5CVSS

7.5AI Score

0.0005EPSS

2023-12-13 10:15 PM
7
cve
cve

CVE-2022-23510

cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade...

9.6CVSS

8.8AI Score

0.001EPSS

2022-12-09 11:15 PM
42