CVE-2024-28251
- EPSS 0.18%
- Published 14.03.2024 00:15:33
- Last modified 04.09.2025 15:58:07
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells ...
CVE-2024-27103
- EPSS 0.49%
- Published 28.02.2024 18:15:45
- Last modified 13.02.2025 17:13:01
Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS ...
CVE-2024-26148
- EPSS 0.32%
- Published 21.02.2024 23:15:08
- Last modified 05.02.2025 22:02:41
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw a...
CVE-2022-46151
- EPSS 0.27%
- Published 06.12.2022 01:15:09
- Last modified 21.11.2024 07:30:12
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow...