Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-23510: cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. | CVSS3: 9.6 | 0% Low | about 3 years ago |
| GHSA-6jqm-3c9g-pch7: @cubejs-backend/api-gateway row level security bypass | CVSS3: 7.7 | 0% Low | about 3 years ago |