Vulnerabilities/

Default Express middleware security check is ignored in production

Severity:: High

Description

No description available.

Recommendation

Update the @cubejs-backend/api-gateway package to the latest compatible version. Followings are version details:

Affected version(s): >= 0.11.0, <= 0.11.16
Patched version(s): 0.11.17

References

GHSA-4j6x-w426-6rc6

Related Issues

@cubejs-backend/api-gateway row level security bypass - CVE-2022-23510
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison - Vulnerability
Atro CSRF Middleware Bypass (security.checkOrigin) - CVE-2024-56140
Incorrect default cookie name and recommendation - Vulnerability

Tags:: npm; @cubejs-backend/api-gateway

Anything's wrong? Let us know Last updated on January 09, 2023