Vulnerability Database
296,733
Total vulnerabilities in the database
Default Express middleware security check is ignored in production
Default Express middleware security check is ignored in production
Impact
All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default express authentication middleware in production environment are affected.
Patches
@cubejs-backend/api-gateway@0.11.17
Workarounds
Override default authentication express middleware: https://cube.dev/docs/@cubejs-backend-server-core#options-reference-check-auth-middleware
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/cube-js/cube.js/issues
- Reach out us in community Slack: https://slack.cube.dev/
| Software | From | Fixed in |
|---|---|---|
@cubejs-backend / api-gateway
|
0.11.0 | 0.11.17 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime