@y0d3n
16k くらい
未認証で叩けるメタ情報API
CVE-2023-50709
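// GET {basePath}/v1/meta — metadata endpoint.
// The presence of an `extended` query key (its value is not read) selects
// metaExtended(); otherwise meta() is called. Both receive the request
// context and a result callback built from `res`.
// NOTE(review): this handler performs no authentication check of its own;
// whether an unauthenticated request is rejected depends entirely on
// `userMiddlewares`, which is not visible here — confirm.
app.get(
  `${this.basePath}/v1/meta`,
  userMiddlewares,
  async (req, res) => {
    // req.query is built from the client-supplied query string, so do not
    // call a method on it directly: if the object has no prototype, or a key
    // shadows `hasOwnProperty`, `req.query.hasOwnProperty(...)` throws a
    // TypeError inside this async handler. Borrowing the method from
    // Object.prototype gives the same answer without trusting the object.
    const wantsExtended = Object.prototype.hasOwnProperty.call(
      req.query,
      'extended'
    );

    const handlerArgs = {
      context: req.context,
      res: this.resToResultFn(res),
    };

    if (wantsExtended) {
      await this.metaExtended(handlerArgs);
    } else {
      await this.meta(handlerArgs);
    }
  }
);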
https://github.com/cube-js/cube/blob/c6327275f01cd7c2b43750f88b3d6b13809edba4/packages/cubejs-api-gateway/src/gateway.ts#L311-L327
33