@cubejs-backend/api-gateway is vulnerable to SQL injection. A specially crafted statement sent to the /v1/sql-runner endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | @cubejs-backend/api-gateway | eq | 0.31.23 |
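
To check whether a project resolves to the affected release, the lockfile can be walked for the exact name and version in the table above. This is an added example, not code from the advisory or from the Cube project; the function names and both sample lockfiles are constructed for illustration, and only the exact match ("eq") listed on this page is tested.

```javascript
// Affected entry as listed in the advisory table (operator "eq" = exact match).
const AFFECTED = { name: "@cubejs-backend/api-gateway", version: "0.31.23" };

function isAffected(name, version) {
  return name === AFFECTED.name && version === AFFECTED.version;
}

// Walk a parsed package-lock.json and return every install location that holds
// the affected version. Handles lockfileVersion 2/3 ("packages" map keyed by
// node_modules path) and lockfileVersion 1 (nested "dependencies" tree).
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf("node_modules/");
      if (idx === -1) continue; // "" is the root project, not a dependency
      const name = path.slice(idx + "node_modules/".length);
      if (isAffected(name, meta.version)) hits.push(path);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (isAffected(name, meta.version)) hits.push(here.join(" > "));
      walk(meta.dependencies, here); // transitive copies are flagged too
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; "9.9.9" is a made-up non-matching version.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@cubejs-backend/server-core": { version: "0.31.23" },
    "node_modules/@cubejs-backend/server-core/node_modules/@cubejs-backend/api-gateway": { version: "0.31.23" },
    "node_modules/@cubejs-backend/api-gateway": { version: "9.9.9" },
  },
};
const sampleV1 = { lockfileVersion: 1, dependencies: { "@cubejs-backend/server": {
  version: "0.31.23", dependencies: { "@cubejs-backend/api-gateway": { version: "0.31.23" } } } } };

console.log(findAffected(sampleV3));
console.log(findAffected(sampleV1));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findAffected`; a nested hit means the affected copy is pulled in transitively even when the top-level copy is a different version.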