Ovr

**Name of the Vulnerable Software and Affected Versions** Cube versions 1.1.17 through 1.5.12 and 1.4.1 **Description** Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable. This impacts the availability of the service. The vulnerability is triggered by submitting a malicious request to an unspecified API endpoint. **Recommendations** Update to Cube version 1.5.13 or 1.4.2.

**Name of the Vulnerable Software and Affected Versions** Cube versions 0.27.19 through 1.5.12 Cube version 1.0.14 Cube version 1.4.2 **Description** Cube, a semantic layer for building data applications, is affected by a privilege escalation issue. A specially crafted request, using a valid API token, can lead to unauthorized access. The issue is related to how requests are processed, potentially allowing an attacker to gain higher-level permissions than intended. The vulnerable component is the API endpoint that handles requests with API tokens. The `API token` is the vulnerable parameter. **Recommendations** Update to Cube version 1.5.13. Update to Cube version 1.4.2. Update to Cube version 1.0.14.