{"id":"CVE-2023-50709","summary":"Denial of service attack on the cube-api endpoint","details":"Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption.\nThere are currently no workaround for older versions, and the recommendation is to upgrade.","aliases":["GHSA-9759-3276-g2pm"],"modified":"2026-04-15T04:45:08.238903Z","published":"2023-12-13T22:00:04.603Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50709.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-20"]},"references":[{"type":"WEB","url":"https://github.com/cube-js/cube/releases/tag/v0.34.34"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50709.json"},{"type":"ADVISORY","url":"https://github.com/cube-js/cube/security/advisories/GHSA-9759-3276-g2pm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50709"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cube-js/cube","events":[{"introduced":"0"},{"fixed":"e575d075c030f24a261112239894b09418394ce5"}],"database_specific":{"cpe":"cpe:2.3:a:cube:cube.js:*:*:*:*:*:node.js:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"0.34.34"}]}}],"versions":["@cubejs-backend/api-gateway@0.0.27","@cubejs-backend/api-gateway@0.0.28","@cubejs-backend/athena-driver@0.0.27","@cubejs-backend/jdbc-driver@0.0.27","@cubejs-backend/mysql-driver@0.0.27","@cubejs-backend/postgres-driver@0.0.27","@cubejs-backend/query-orchestrator@0.0.27","@cubejs-backend/schema-compiler@0.0.27","@cubejs-backend/schema-compiler@0.0.28","@cubejs-backend/server-core@0.0.27","@cubejs-backend/server-core@0.0.28","@cubejs-backend/server@0.0.27","@cubejs-backend/server@0.0.28","@cubejs-backend/serverless@0.0.27","@cubejs-backend/serverless@0.0.28","@cubejs-client/core@0.2.7","@cubejs-client/core@0.2.8","@cubejs-client/react@0.2.7","@cubejs-client/react@0.2.8","cubejs-cli@0.0.18","v0.10.0","v0.10.1","v0.10.10","v0.10.11","v0.10.12","v0.10.13","v0.10.14","v0.10.15","v0.10.16","v0.10.17","v0.10.18","v0.10.19","v0.10.2","v0.10.20","v0.10.21","v0.10.22","v0.10.23","v0.10.24","v0.10.25","v0.10.26","v0.10.27","v0.10.28","v0.10.29","v0.10.3","v0.10.30","v0.10.31","v0.10.32","v0.10.33","v0.10.34","v0.10.35","v0.10.36","v0.10.37","v0.10.38","v0.10.39","v0.10.4","v0.10.40","v0.10.41","v0.10.42","v0.10.43","v0.10.44","v0.10.45","v0.10.46","v0.10.47","v0.10.48","v0.10.49","v0.10.5","v0.10.50","v0.10.51","v0.10.52","v0.10.53","v0.10.54","v0.10.55","v0.10.56","v0.10.57","v0.10.58","v0.10.59","v0.10.6","v0.10.60","v0.10.61","v0.10.62","v0.10.7","v0.10.8","v0.10.9","v0.11.0","v0.11.1","v0.11.10","v0.11.11","v0.11.12","v0.11.13","v0.11.14","v0.11.15","v0.11.16","v0.11.17","v0.11.18","v0.11.19","v0.11.2","v0.11.20","v0.11.21","v0.11.22","v0.11.23","v0.11.24","v0.11.25","v0.11.3","v0.11.4","v0.11.5","v0.11.6","v0.11.7","v0.11.8","v0.11.9","v0.12.0","v0.12.1","v0.12.2","v0.12.3","v0.13.0","v0.13.1","v0.13.10","v0.13.11","v0.13.12","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.13.7","v0.13.8","v0.13.9","v0.14.0","v0.14.1","v0.14.2","v0.14.3","v0.15.0","v0.15.1","v0.15.2","v0.15.3","v0.15.4","v0.16.0","v0.17.0","v0.17.1","v0.17.10","v0.17.2","v0.17.3","v0.17.4","v0.17.5","v0.17.6","v0.17.7","v0.17.8","v0.17.9","v0.18.0","v0.18.1","v0.18.10","v0.18.11","v0.18.12","v0.18.13","v0.18.14","v0.18.15","v0.18.16","v0.18.17","v0.18.18","v0.18.19","v0.18.2","v0.18.20","v0.18.21","v0.18.22","v0.18.23","v0.18.24","v0.18.25","v0.18.26","v0.18.27","v0.18.28","v0.18.29","v0.18.3","v0.18.30","v0.18.31","v0.18.32","v0.18.4","v0.18.5","v0.18.6","v0.18.7","v0.18.8","v0.18.9","v0.19.0","v0.19.1","v0.19.10","v0.19.11","v0.19.12","v0.19.13","v0.19.14","v0.19.15","v0.19.16","v0.19.17","v0.19.18","v0.19.19","v0.19.2","v0.19.20","v0.19.21","v0.19.22","v0.19.23","v0.19.24","v0.19.25","v0.19.26","v0.19.27","v0.19.28","v0.19.29","v0.19.3","v0.19.30","v0.19.31","v0.19.32","v0.19.33","v0.19.34","v0.19.35","v0.19.36","v0.19.37","v0.19.38","v0.19.39","v0.19.4","v0.19.40","v0.19.41","v0.19.42","v0.19.43","v0.19.44","v0.19.45","v0.19.46","v0.19.47","v0.19.48","v0.19.49","v0.19.5","v0.19.50","v0.19.51","v0.19.52","v0.19.53","v0.19.54","v0.19.55","v0.19.56","v0.19.57","v0.19.58","v0.19.59","v0.19.6","v0.19.60","v0.19.61","v0.19.7","v0.19.8","v0.19.9","v0.20.0","v0.20.1","v0.20.10","v0.20.11","v0.20.12","v0.20.13","v0.20.14","v0.20.15","v0.20.2","v0.20.3","v0.20.4","v0.20.6","v0.20.7","v0.20.8","v0.20.9","v0.21.0","v0.21.1","v0.21.2","v0.22.0","v0.22.1","v0.22.2","v0.22.3","v0.22.4","v0.23.0","v0.23.1","v0.23.10","v0.23.11","v0.23.12","v0.23.13","v0.23.14","v0.23.15","v0.23.2","v0.23.3","v0.23.4","v0.23.5","v0.23.6","v0.23.7","v0.23.8","v0.23.9","v0.24.0","v0.24.1","v0.24.10","v0.24.11","v0.24.12","v0.24.13","v0.24.14","v0.24.15","v0.24.2","v0.24.3","v0.24.4","v0.24.5","v0.24.6","v0.24.7","v0.24.8","v0.24.9","v0.25.0","v0.25.1","v0.25.10","v0.25.11","v0.25.12","v0.25.13","v0.25.14","v0.25.15","v0.25.16","v0.25.17","v0.25.18","v0.25.19","v0.25.2","v0.25.20","v0.25.21","v0.25.22","v0.25.23","v0.25.24","v0.25.25","v0.25.26","v0.25.27","v0.25.28","v0.25.29","v0.25.3","v0.25.30","v0.25.31","v0.25.32","v0.25.33","v0.25.4","v0.25.5","v0.25.6","v0.25.7","v0.25.8","v0.25.9","v0.26.0","v0.26.1","v0.26.10","v0.26.100","v0.26.101","v0.26.102","v0.26.103","v0.26.104","v0.26.11","v0.26.12","v0.26.13","v0.26.14","v0.26.15","v0.26.16","v0.26.17","v0.26.18","v0.26.19","v0.26.2","v0.26.20","v0.26.21","v0.26.22","v0.26.23","v0.26.24","v0.26.25","v0.26.26","v0.26.27","v0.26.28","v0.26.29","v0.26.3","v0.26.30","v0.26.31","v0.26.32","v0.26.33","v0.26.34","v0.26.35","v0.26.36","v0.26.37","v0.26.38","v0.26.39","v0.26.4","v0.26.40","v0.26.41","v0.26.42","v0.26.43","v0.26.44","v0.26.45","v0.26.46","v0.26.47","v0.26.48","v0.26.49","v0.26.5","v0.26.50","v0.26.51","v0.26.52","v0.26.53","v0.26.54","v0.26.55","v0.26.56","v0.26.58","v0.26.59","v0.26.6","v0.26.60","v0.26.61","v0.26.62","v0.26.63","v0.26.64","v0.26.65","v0.26.66","v0.26.67","v0.26.68","v0.26.69","v0.26.7","v0.26.70","v0.26.71","v0.26.72","v0.26.73","v0.26.74","v0.26.75","v0.26.76","v0.26.77","v0.26.78","v0.26.79","v0.26.8","v0.26.80","v0.26.81","v0.26.82","v0.26.83","v0.26.84","v0.26.85","v0.26.86","v0.26.87","v0.26.88","v0.26.89","v0.26.9","v0.26.90","v0.26.91","v0.26.92","v0.26.93","v0.26.94","v0.26.95","v0.26.96","v0.26.97","v0.26.98","v0.26.99","v0.27.0","v0.27.1","v0.27.10","v0.27.11","v0.27.12","v0.27.13","v0.27.14","v0.27.15","v0.27.16","v0.27.17","v0.27.18","v0.27.19","v0.27.2","v0.27.20","v0.27.21","v0.27.22","v0.27.23","v0.27.24","v0.27.25","v0.27.26","v0.27.27","v0.27.29","v0.27.3","v0.27.30","v0.27.31","v0.27.32","v0.27.33","v0.27.34","v0.27.35","v0.27.36","v0.27.37","v0.27.38","v0.27.39","v0.27.4","v0.27.40","v0.27.41","v0.27.42","v0.27.43","v0.27.44","v0.27.45","v0.27.46","v0.27.47","v0.27.48","v0.27.49","v0.27.5","v0.27.50","v0.27.51","v0.27.52","v0.27.53","v0.27.6","v0.27.7","v0.27.8","v0.27.9","v0.28.0","v0.28.1","v0.28.10","v0.28.11","v0.28.12","v0.28.13","v0.28.14","v0.28.15","v0.28.16","v0.28.17","v0.28.18","v0.28.19","v0.28.2","v0.28.20","v0.28.21","v0.28.22","v0.28.23","v0.28.24","v0.28.25","v0.28.26","v0.28.27","v0.28.28","v0.28.29","v0.28.3","v0.28.30","v0.28.31","v0.28.32","v0.28.33","v0.28.34","v0.28.35","v0.28.36","v0.28.37","v0.28.38","v0.28.39","v0.28.4","v0.28.40","v0.28.41","v0.28.42","v0.28.43","v0.28.44","v0.28.45","v0.28.46","v0.28.47","v0.28.48","v0.28.49","v0.28.5","v0.28.50","v0.28.51","v0.28.52","v0.28.53","v0.28.54","v0.28.55","v0.28.56","v0.28.57","v0.28.58","v0.28.59","v0.28.6","v0.28.60","v0.28.61","v0.28.62","v0.28.63","v0.28.64","v0.28.65","v0.28.66","v0.28.67","v0.28.7","v0.28.8","v0.28.9","v0.29.0","v0.29.1","v0.29.10","v0.29.11","v0.29.12","v0.29.12-1","v0.29.13","v0.29.14","v0.29.15","v0.29.16","v0.29.17","v0.29.18","v0.29.19","v0.29.2","v0.29.20","v0.29.21","v0.29.22","v0.29.23","v0.29.24","v0.29.25","v0.29.26","v0.29.27","v0.29.28","v0.29.29","v0.29.3","v0.29.30","v0.29.31","v0.29.32","v0.29.33","v0.29.34","v0.29.35","v0.29.36","v0.29.37","v0.29.38","v0.29.39","v0.29.4","v0.29.40","v0.29.41","v0.29.42","v0.29.43","v0.29.44","v0.29.45","v0.29.46","v0.29.47","v0.29.48","v0.29.49","v0.29.5","v0.29.50","v0.29.51","v0.29.52","v0.29.53","v0.29.54","v0.29.55","v0.29.56","v0.29.57","v0.29.6","v0.29.7","v0.29.8","v0.29.9","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.5-alpha.0","v0.30.0","v0.30.1","v0.30.10","v0.30.11","v0.30.12","v0.30.13","v0.30.14","v0.30.15","v0.30.16","v0.30.17","v0.30.18","v0.30.19","v0.30.2","v0.30.20","v0.30.21","v0.30.22","v0.30.23","v0.30.24","v0.30.25","v0.30.26","v0.30.27","v0.30.28","v0.30.29","v0.30.3","v0.30.30","v0.30.31","v0.30.32","v0.30.33","v0.30.34","v0.30.35","v0.30.36","v0.30.37","v0.30.38","v0.30.39","v0.30.4","v0.30.40","v0.30.41","v0.30.42","v0.30.43","v0.30.44","v0.30.45","v0.30.46","v0.30.47","v0.30.48","v0.30.49","v0.30.5","v0.30.50","v0.30.51","v0.30.52","v0.30.53","v0.30.54","v0.30.55","v0.30.56","v0.30.57","v0.30.58","v0.30.59","v0.30.6","v0.30.60","v0.30.61","v0.30.62","v0.30.63","v0.30.64","v0.30.65","v0.30.66","v0.30.67","v0.30.68","v0.30.69","v0.30.7","v0.30.70","v0.30.71","v0.30.72","v0.30.73","v0.30.74","v0.30.75","v0.30.8","v0.30.9","v0.31.0","v0.31.1","v0.31.10","v0.31.11","v0.31.12","v0.31.13","v0.31.14","v0.31.15","v0.31.16","v0.31.17","v0.31.18","v0.31.19","v0.31.2","v0.31.20","v0.31.21","v0.31.22","v0.31.23","v0.31.24","v0.31.25","v0.31.26","v0.31.27","v0.31.28","v0.31.29","v0.31.3","v0.31.30","v0.31.31","v0.31.32","v0.31.33","v0.31.34","v0.31.35","v0.31.36","v0.31.37","v0.31.38","v0.31.39","v0.31.4","v0.31.40","v0.31.41","v0.31.42","v0.31.43","v0.31.44","v0.31.45","v0.31.46","v0.31.47","v0.31.48","v0.31.49","v0.31.5","v0.31.50","v0.31.51","v0.31.52","v0.31.53","v0.31.54","v0.31.55","v0.31.56","v0.31.57","v0.31.58","v0.31.59","v0.31.6","v0.31.60","v0.31.61","v0.31.62","v0.31.63","v0.31.64","v0.31.65","v0.31.66","v0.31.67","v0.31.68","v0.31.69","v0.31.7","v0.31.8","v0.31.9","v0.32.0","v0.32.1","v0.32.10","v0.32.11","v0.32.12","v0.32.13","v0.32.14","v0.32.15","v0.32.16","v0.32.17","v0.32.18","v0.32.19","v0.32.2","v0.32.20","v0.32.21","v0.32.22","v0.32.23","v0.32.24","v0.32.25","v0.32.26","v0.32.27","v0.32.28","v0.32.29","v0.32.3","v0.32.30","v0.32.31","v0.32.4","v0.32.5","v0.32.6","v0.32.7","v0.32.8","v0.32.9","v0.33.0","v0.33.1","v0.33.10","v0.33.11","v0.33.12","v0.33.13","v0.33.14","v0.33.15","v0.33.16","v0.33.17","v0.33.18","v0.33.19","v0.33.2","v0.33.20","v0.33.21","v0.33.22","v0.33.23","v0.33.24","v0.33.25","v0.33.26","v0.33.27","v0.33.28","v0.33.29","v0.33.3","v0.33.30","v0.33.31","v0.33.32","v0.33.33","v0.33.34","v0.33.35","v0.33.36","v0.33.37","v0.33.38","v0.33.39","v0.33.4","v0.33.40","v0.33.41","v0.33.42","v0.33.43","v0.33.44","v0.33.45","v0.33.46","v0.33.47","v0.33.48","v0.33.49","v0.33.5","v0.33.50","v0.33.51","v0.33.52","v0.33.53","v0.33.54","v0.33.55","v0.33.56","v0.33.57","v0.33.58","v0.33.59","v0.33.6","v0.33.60","v0.33.61","v0.33.62","v0.33.63","v0.33.64","v0.33.65","v0.33.7","v0.33.8","v0.33.9","v0.34.0","v0.34.1","v0.34.10","v0.34.11","v0.34.12","v0.34.13","v0.34.14","v0.34.15","v0.34.16","v0.34.17","v0.34.18","v0.34.19","v0.34.2","v0.34.20","v0.34.21","v0.34.22","v0.34.23","v0.34.24","v0.34.25","v0.34.26","v0.34.27","v0.34.28","v0.34.29","v0.34.3","v0.34.30","v0.34.31","v0.34.32","v0.34.33","v0.34.4","v0.34.5","v0.34.6","v0.34.7","v0.34.8","v0.34.9","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.5.0","v0.5.1","v0.6.0","v0.6.1","v0.6.2","v0.7.0","v0.7.1","v0.7.10","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.7.9","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.9.0","v0.9.1","v0.9.10","v0.9.11","v0.9.12","v0.9.13","v0.9.14","v0.9.15","v0.9.16","v0.9.17","v0.9.18","v0.9.19","v0.9.2","v0.9.20","v0.9.21","v0.9.22","v0.9.23","v0.9.24","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50709.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}