An issue exists in Couchbase Server prior to 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.