Name of the Vulnerable Software and Affected Versions @cubejs-backend/api-gateway versions prior to 0.11.17

Description The default Express middleware security check is ignored in production, affecting all Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default Express authentication middleware in the production environment.

Recommendations For versions prior to 0.11.17, update to @cubejs-backend/api-gateway version 0.11.17 to resolve the issue. As a temporary workaround, consider overriding the default authentication Express middleware by using the checkAuthMiddleware option, as described in the documentation.