Querybook@* Security Vulnerabilities and Issues — Querybook@* CVE List

Lucene search

PinterestQuerybook*

3 matches found

CVE•added 2024/02/28 6:15 p.m.•102 views

CVE-2024-27103

Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dange...

6.1CVSS6.1AI score0.00494EPSS

CVE•added 2024/03/14 12:15 a.m.•58 views

CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query ...

5.6CVSS5.4AI score0.00076EPSS

CVE•added 2024/02/21 11:15 p.m.•20 views

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can p...

6.1CVSS6.2AI score0.0043EPSS