A Bootiful Podcast: GraphQL Java founder Andi Marek

Hi, Spring fans! In this installment of a Bootiful Podcast, Josh Long (@starbuxman) talks to the GraphQL Java project founder and lead, Atlassian engineer, and Spring GraphQL cofounder Andi Marek (@an ...

Continue Reading
Improper Removal of Sensitive Information Before Storage or Transfer in irrd

IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-for ...

Continue Reading
This Week in Spring – May 24th, 2022

Hi, Spring fans! I'm in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. We'r ...

Continue Reading
Remote Code Execution (RCE)

graphql-upload is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of file name via the `upload` function.Read More ...

Continue Reading
Constrained environment breakout. .NET Assembly exfiltration via Internet Options

![](https://www.pentestpartners.com/content/uploads/2022/05/dotNET-breakout-headline.png) It’s not uncommon for developers to find that they need to help their end users. For starter, the business re ...

Continue Reading
Graphql-Threat-Matrix – GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

# [![](https://blogger.googleusercontent.com/img/a/AVvXsEjct_YmCLc-18AnApBUspPpG3TqJm6idF8kXXzhip6ehKOT6BfkPAmSl5giOn-9YO41mRxa2ob3NpNTpGXMABoNhKw0JstsaRZ3T1geeh-tAfUjm8ZGP37g1AXeTCjWlmatsSLJ1BcN1C4jA ...

Continue Reading
GitLab 13.10 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 Unauthorized Access

According to its self-reported version, the instance of GitLab running on the remote web server is 13.10 prior to 14.4.5, 14.5.0 prior to 14.5.3, or 14.6.0 prior to 14.6.2. It is, therefore, vulnerabl ...

Continue Reading

Back to Main

Subscribe for the latest news: