mercurius is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash via sending a malformed packet over `WebSocket` to `/graphql` resulting in Denial of ...
Continue ReadingJanuary 19, 2023
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i ...
Continue ReadingJanuary 18, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue ReadingJanuary 14, 2023
### Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default con ...
Continue ReadingJanuary 12, 2023
### Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default con ...
Continue ReadingJanuary 12, 2023
### Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. ### Patches This was patched in https:// ...
Continue ReadingJanuary 10, 2023
### Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. ### Patches This was patched in https:// ...
Continue ReadingJanuary 10, 2023
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This iss ...
Continue ReadingJanuary 09, 2023
Back to Main