Vulnerability Database
289,599
Total vulnerabilities in the database
Default Express middleware security check is ignored in production
Default Express middleware security check is ignored in production
Impact
All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default express authentication middleware in production environment are affected.
Patches
@cubejs-backend/[email protected]
Workarounds
Override default authentication express middleware: https://cube.dev/docs/@cubejs-backend-server-core#options-reference-check-auth-middleware
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/cube-js/cube.js/issues
- Reach out us in community Slack: https://slack.cube.dev/
| Software | From | Fixed in |
|---|---|---|
@cubejs-backend / api-gateway
|
0.11.0 | 0.11.17 |