Default Express middleware security check is ignored in production

Description

No description available.

Recommendation

Update the @cubejs-backend/api-gateway package to the latest compatible version. Followings are version details:

• Affected version(s): >= 0.11.0, <= 0.11.16
• Patched version(s): 0.11.17

References

• GHSA-4j6x-w426-6rc6

Related Issues

• x402 SDK vulnerable in outdated versions in resource servers for builders - x402-express - Vulnerability
• Atro CSRF Middleware Bypass (security.checkOrigin) - CVE-2024-56140
• survey-pdf Upgraded jsPDF Version Due to Security Vulnerability - CVE-2026-25630
• Incorrect default cookie name and recommendation - Vulnerability

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

CSRF, XXE, and 12 Other Security Acronyms Explained

Tags:

npm

@cubejs-backend/api-gateway