@cubejs-backend/api-gateway@0.31.23 vulnerabilities
Cube.js API Gateway
- latest version: 0.35.54
- latest non vulnerable version:
- first published: 5 years ago
- latest version published: 6 days ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the @cubejs-backend/api-gateway package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
@cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via a specially crafted request to a Cube API endpoint. An attacker can make the entire Cube API unavailable by submitting this request. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade | <0.34.34 |
@cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Access Restriction Bypass when all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL commands via the newly introduced How to fix Access Restriction Bypass? Upgrade | >=0.31.23 <0.31.24 |