Improper Access Control in wp-graphql

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...

Continue Reading
CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...

Continue Reading
CVE-2022-30288

Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.Read More ...

Continue Reading
Reddit: Regular Expression Denial of Service vulnerability

## Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file [RealtimeGQLSubscriptionAsync.js](https://www.redditstatic.com ...

Continue Reading
Tutorial: How to Build Your First Node.js gRPC API

Compared to other API technologies like REST and GraphQL, gRPC is lightweight and exceptionally robust, thanks in large part to its use of protobufs. Interested in exploring how to build your own API? ...

Continue Reading
How we use Dependabot to secure GitHub

At GitHub, we draw on our own experience using GitHub to build GitHub. As an example of this, we use a number of GitHub Advanced Security features internally. This post covers how we rolled out Depend ...

Continue Reading
RSAC 2022 – The Year of API Security

Not only is RSAC back in person, but [API security]() is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new A ...

Continue Reading
This Week in Spring – June 7th, 2022

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, ...

Continue Reading

Back to Main

Subscribe for the latest news: