A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue Reading
December 15, 2023
Geth (aka go-ethereum) through 1.13.4, when `--http --graphql` is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the ...
Continue Reading
December 15, 2023
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through...Read More ...
Continue Reading
December 15, 2023
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to doHandle function in SmallRyeGraphQLOverWebSocketHandler.java file there are no checks to ensure that the us ...
Continue Reading
December 15, 2023
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS att ...
Continue Reading
December 15, 2023
github.com/ethereum/go-ethereum is vulnerable to Denial of Service. This vulnerability exists when ` --http --graphql` is used which allows an attacker to cause an application crash via a crafted Grap ...
Continue Reading
December 15, 2023
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.Read More ...
Continue Reading
December 15, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading
December 15, 2023
Back to Main
