WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According ...
October 17, 2022
Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input, which allowed access to database objects that the authenticate ...
October 06, 2022
This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Security Fix(es): * cron-utils: template Injection leading ...
October 06, 2022
This release of Red Hat build of Eclipse Vert.x 4.3.3 GA includes security updates. For more information, see the release notes listed in the References section. Security Fix(es): * graphql-java: DoS ...
October 05, 2022
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authenticatio ...
September 30, 2022
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL servers often allow other `Content-Type` ...
September 30, 2022
Hi, Spring fans! Welcome to another installment of _This Week in Spring_! It's the last week of _September_, already! The year's more done than not. The days are receding into darkness earlier. And th ...
September 27, 2022
It has taken me an embarrassingly long time to appreciate and understand that the devil is in the details regarding software development. Writing happy-path business logic isn't the hard part! It's th ...
September 23, 2022