CVE-2026-25958
- EPSS 0.02%
- Veröffentlicht 09.02.2026 22:42:54
- Zuletzt bearbeitet 19.02.2026 19:36:28
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1....
CVE-2026-25957
- EPSS 0.02%
- Veröffentlicht 09.02.2026 22:39:16
- Zuletzt bearbeitet 24.02.2026 19:53:01
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1...
CVE-2023-50709
- EPSS 0.17%
- Veröffentlicht 13.12.2023 22:15:43
- Zuletzt bearbeitet 21.11.2024 08:37:10
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and i...
CVE-2022-23510
- EPSS 0.4%
- Veröffentlicht 09.12.2022 23:15:22
- Zuletzt bearbeitet 21.11.2024 06:48:42
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in versio...