Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Default Express middleware security check is ignored in production

Impact

All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with the default Express authentication middleware in a production environment are affected.

Patches

@cubejs-backend/api-gateway@0.11.17

Workarounds

Override the default Express authentication middleware: https://cube.dev/docs/@cubejs-backend-server-core#options-reference-check-auth-middleware
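A sketch of such an override, added here as an example and not taken from the advisory or from Cube.js code: an Express-style middleware that rejects every request without a valid token and behaves identically in every environment. The helper names (`verifyHs256`, `makeCheckAuthMiddleware`, `signHs256`), the HS256 token format and the use of `req.authInfo` are assumptions; the result would be passed as the check-auth middleware option described at the link above.

```javascript
const crypto = require('crypto');

// URL-safe base64 without padding, as used in compact JWTs.
const b64url = (buf) => Buffer.from(buf).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Verify a compact HS256 JWT and return its payload; throws on any failure.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // pin the algorithm
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
  if (typeof payload.exp === 'number' && payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// Hypothetical factory for the override: fails closed, with no
// environment-dependent branch that could skip the check.
function makeCheckAuthMiddleware(secret) {
  if (!secret) throw new Error('API secret is required');
  return (req, res, next) => {
    let claims;
    try {
      const raw = req.headers.authorization || '';
      claims = verifyHs256(raw.replace(/^Bearer\s+/i, ''), secret);
    } catch {
      return res.status(403).json({ error: 'Invalid token' });
    }
    req.authInfo = claims; // assumption: where downstream handlers read claims
    return next();
  };
}

// Constructed helper used only to build sample tokens for testing.
function signHs256(payload, secret, alg = 'HS256') {
  const h = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const p = b64url(JSON.stringify(payload));
  const s = b64url(crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest());
  return `${h}.${p}.${s}`;
}
```

Running a deployment's test suite against this middleware with the production environment setting enabled confirms that unauthenticated requests are still rejected after the override is in place.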

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-4j6x-w426-6rc6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNngtdzQyNi02cmM2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: over 1 year ago


Identifiers: GHSA-4j6x-w426-6rc6
References: Repository: https://github.com/cube-js/cube.js
Blast Radius: 0.0

Affected Packages

npm:@cubejs-backend/api-gateway
Dependent packages: 13
Dependent repositories: 133
Downloads: 79,769 last month
Affected Version Ranges: >= 0.11.0, <= 0.11.16
Fixed in: 0.11.17
All affected versions: 0.11.0, 0.11.5, 0.11.6, 0.11.16
All unaffected versions: 0.0.1, 0.0.2, 0.0.18, 0.0.20, 0.0.26, 0.0.27, 0.0.28, 0.3.1, 0.4.1, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.4, 0.7.6, 0.8.0, 0.8.1, 0.8.4, 0.9.0, 0.9.5, 0.9.12, 0.9.19, 0.9.20, 0.10.0, 0.10.15, 0.10.17, 0.10.21, 0.10.24, 0.10.34, 0.10.62, 0.11.17, 0.11.18, 0.11.20, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.13.6, 0.13.7, 0.13.8, 0.13.9, 0.14.0, 0.15.0, 0.15.3, 0.17.0, 0.17.1, 0.18.0, 0.18.4, 0.18.5, 0.18.7, 0.19.0, 0.19.1, 0.19.2, 0.19.5, 0.19.15, 0.19.16, 0.19.19, 0.19.23, 0.19.31, 0.19.33, 0.19.35, 0.19.47, 0.19.48, 0.19.49, 0.19.50, 0.19.54, 0.19.61, 0.20.0, 0.20.2, 0.20.3, 0.20.5, 0.20.6, 0.20.7, 0.20.8, 0.20.9, 0.20.10, 0.20.11, 0.21.0, 0.21.1, 0.22.0, 0.22.2, 0.23.0, 0.23.6, 0.24.0, 0.24.4, 0.24.5, 0.24.6, 0.24.9, 0.24.12, 0.24.13, 0.24.14, 0.25.0, 0.25.1, 0.25.2, 0.25.14, 0.25.15, 0.25.21, 0.25.22, 0.25.23, 0.25.29, 0.25.31, 0.26.0, 0.26.1, 0.26.2, 0.26.4, 0.26.6, 0.26.7, 0.26.11, 0.26.13, 0.26.15, 0.26.16, 0.26.19, 0.26.22, 0.26.23, 0.26.25, 0.26.35, 0.26.45, 0.26.53, 0.26.54, 0.26.60, 0.26.65, 0.26.69, 0.26.74, 0.26.79, 0.26.81, 0.26.87, 0.26.95, 0.26.100, 0.26.102, 0.26.103, 0.27.0, 0.27.1, 0.27.2, 0.27.4, 0.27.5, 0.27.11, 0.27.13, 0.27.15, 0.27.17, 0.27.19, 0.27.22, 0.27.25, 0.27.27, 0.27.30, 0.27.31, 0.27.33, 0.27.35, 0.27.36, 0.27.37, 0.27.39, 0.27.41, 0.27.45, 0.27.46, 0.27.47, 0.27.51, 0.27.53, 0.28.0, 0.28.1, 0.28.2, 0.28.4, 0.28.6, 0.28.7, 0.28.9, 0.28.10, 0.28.14, 0.28.17, 0.28.19, 0.28.22, 0.28.24, 0.28.29, 0.28.33, 0.28.35, 0.28.42, 0.28.43, 0.28.44, 0.28.45, 0.28.46, 0.28.48, 0.28.50, 0.28.51, 0.28.52, 0.28.53, 0.28.55, 0.28.56, 0.28.57, 0.28.58, 0.28.60, 0.28.61, 0.28.62, 0.28.63, 0.28.65, 0.28.66, 0.28.67, 0.29.0, 0.29.3, 0.29.4, 0.29.5, 0.29.6, 0.29.9, 0.29.10, 0.29.11, 0.29.12, 0.29.14, 0.29.15, 0.29.18, 0.29.20, 0.29.21, 0.29.22, 0.29.23, 0.29.24, 0.29.25, 0.29.26, 0.29.27, 0.29.28, 0.29.29, 0.29.30, 0.29.31, 0.29.32, 0.29.33, 0.29.34, 0.29.35, 0.29.36, 0.29.37, 0.29.38, 0.29.39, 0.29.40, 
0.29.42, 0.29.43, 0.29.44, 0.29.45, 0.29.46, 0.29.47, 0.29.48, 0.29.50, 0.29.51, 0.29.53, 0.29.54, 0.29.55, 0.29.56, 0.29.57, 0.30.0, 0.30.1, 0.30.2, 0.30.3, 0.30.4, 0.30.6, 0.30.7, 0.30.8, 0.30.9, 0.30.10, 0.30.11, 0.30.13, 0.30.14, 0.30.16, 0.30.17, 0.30.18, 0.30.19, 0.30.20, 0.30.25, 0.30.26, 0.30.27, 0.30.28, 0.30.29, 0.30.30, 0.30.31, 0.30.32, 0.30.34, 0.30.35, 0.30.36, 0.30.37, 0.30.38, 0.30.42, 0.30.43, 0.30.44, 0.30.45, 0.30.46, 0.30.47, 0.30.48, 0.30.50, 0.30.51, 0.30.52, 0.30.53, 0.30.54, 0.30.56, 0.30.57, 0.30.58, 0.30.59, 0.30.60, 0.30.61, 0.30.62, 0.30.64, 0.30.65, 0.30.67, 0.30.68, 0.30.69, 0.30.70, 0.30.71, 0.30.72, 0.30.73, 0.30.74, 0.30.75, 0.31.0, 0.31.2, 0.31.4, 0.31.5, 0.31.7, 0.31.8, 0.31.10, 0.31.12, 0.31.13, 0.31.14, 0.31.15, 0.31.18, 0.31.19, 0.31.20, 0.31.22, 0.31.23, 0.31.24, 0.31.25, 0.31.26, 0.31.27, 0.31.28, 0.31.29, 0.31.30, 0.31.31, 0.31.32, 0.31.33, 0.31.35, 0.31.36, 0.31.37, 0.31.38, 0.31.39, 0.31.40, 0.31.41, 0.31.42, 0.31.45, 0.31.48, 0.31.50, 0.31.52, 0.31.55, 0.31.56, 0.31.57, 0.31.58, 0.31.59, 0.31.60, 0.31.62, 0.31.63, 0.31.64, 0.31.65, 0.31.66, 0.31.67, 0.32.0, 0.32.1, 0.32.2, 0.32.3, 0.32.4, 0.32.5, 0.32.8, 0.32.9, 0.32.10, 0.32.11, 0.32.12, 0.32.13, 0.32.14, 0.32.15, 0.32.16, 0.32.17, 0.32.18, 0.32.19, 0.32.20, 0.32.21, 0.32.22, 0.32.23, 0.32.25, 0.32.26, 0.32.27, 0.32.28, 0.32.29, 0.32.30, 0.32.31, 0.33.0, 0.33.2, 0.33.3, 0.33.4, 0.33.5, 0.33.6, 0.33.7, 0.33.8, 0.33.9, 0.33.10, 0.33.11, 0.33.12, 0.33.13, 0.33.14, 0.33.15, 0.33.18, 0.33.19, 0.33.20, 0.33.21, 0.33.22, 0.33.23, 0.33.24, 0.33.25, 0.33.26, 0.33.28, 0.33.29, 0.33.32, 0.33.33, 0.33.34, 0.33.36, 0.33.37, 0.33.38, 0.33.39, 0.33.41, 0.33.43, 0.33.45, 0.33.46, 0.33.47, 0.33.48, 0.33.49, 0.33.50, 0.33.51, 0.33.52, 0.33.53, 0.33.54, 0.33.55, 0.33.56, 0.33.57, 0.33.59, 0.33.60, 0.33.61, 0.33.62, 0.33.63, 0.33.64, 0.33.65, 0.34.0, 0.34.1, 0.34.2, 0.34.3, 0.34.4, 0.34.5, 0.34.6, 0.34.7, 0.34.8, 0.34.9, 0.34.10, 0.34.11, 0.34.13, 0.34.14, 0.34.16, 0.34.19, 0.34.20, 
0.34.21, 0.34.22, 0.34.23, 0.34.24, 0.34.25, 0.34.26, 0.34.27, 0.34.31, 0.34.32, 0.34.33, 0.34.34, 0.34.35, 0.34.36, 0.34.37, 0.34.38, 0.34.40, 0.34.41, 0.34.42, 0.34.45, 0.34.46, 0.34.47, 0.34.48, 0.34.51, 0.34.52, 0.34.53, 0.34.54, 0.34.55, 0.34.56, 0.34.57, 0.34.58, 0.34.59, 0.34.60, 0.34.61, 0.34.62, 0.35.0, 0.35.1, 0.35.2, 0.35.4, 0.35.5, 0.35.6, 0.35.10, 0.35.11, 0.35.14, 0.35.19, 0.35.21, 0.35.23