@cubejs-backend/api-gateway@0.28.14 vulnerabilities
Cube.js API Gateway
-
latest version
0.36.5
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
4 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @cubejs-backend/api-gateway package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via a specially crafted request to a Cube API endpoint. An attacker can make the entire Cube API unavailable by submitting this request. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
<0.34.34
|