Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQl injection in cube-js
Vulnerability Description
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Cube.js SQL注入漏洞
Vulnerability Description
Cube.js是美国Cube.js开源的一个开源分析 API 平台。 Cube.js 0.31.24之前版本存在SQL注入漏洞,该漏洞源于所有经过身份验证的客户端都可以绕过SQL行级安全性并通过新引入的/v1/sql-runner端点运行任意SQL。
CVSS Information
N/A
Vulnerability Type
N/A