<p>Upgrade <code>@cubejs-backend/api-gateway</code> to version 0.11.17 or higher.</p>

=0.11.0 <0.11.17

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-CUBEJSBACKENDAPIGATEWAY-536072
published 28 Nov 2019
disclosed 8 Nov 2019
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 8 Nov 2019

CWE-287 Open this link in a new tab

How to fix?

Upgrade @cubejs-backend/api-gateway to version 0.11.17 or higher.

Overview

@cubejs-backend/api-gateway is a package that provides idempotent long polling API.

Affected versions of this package are vulnerable to Authentication Bypass. Default Express middleware security check used for authentication of users is ignored in production,

References

GitHub Advisory

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

None

Authentication Bypass Affecting @cubejs-backend/api-gateway package, versions >=0.11.0 <0.11.17

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 8 Nov 2019

How to fix?

Overview

References

CVSS Scores

Snyk