8 KB is not enough: why WAFs can’t protect APIs

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According ...

CVE-2022-39275

Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input, which allowed access to database objects that the authenticate ...

(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]

This release of Red Hat Integration - Service Registry 2.3.0.GA serves as a replacement for 2.0.3.GA and includes the security fixes below. Security Fix(es): * cron-utils: template injection leading ...


CVSS3 - CRITICAL

CVSS2 - HIGH

(RHSA-2022:6757) Important: Red Hat build of Eclipse Vert.x 4.3.3 security update

This release of Red Hat build of Eclipse Vert.x 4.3.3 GA includes security updates. For more information, see the release notes listed in the References section. Security Fix(es): * graphql-java: DoS ...


CVSS3 - HIGH

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authenticatio ...

GraphQL Cross-Site Request Forgery

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL servers often allow other `Content-Type` ...

This Week in Spring – September 27th, 2022

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! It's the last week of _September_, already! The year's more done than not. The days are receding into darkness earlier. And th ...

My SpringOne 2022

It has taken me an embarrassingly long time to appreciate and understand that the devil is in the details regarding software development. Writing happy-path business logic isn't the hard part! It's th ...
