EPSS Percentile: 55.5%
cubejs-backend/api-gateway is vulnerable to SQL injection. A specially crafted statement sent to the /v1/sql-runner endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system.
github.com/cube-js/cube.js/commit/3c614674fed6ca17df08bbba8c835ef110167570
github.com/cube-js/cube.js/commit/f1140de508e359970ac82b50bae1c4bf152f6041
github.com/cube-js/cube.js/security/advisories/GHSA-6jqm-3c9g-pch7