Unsanitized JavaScript code injection possible in gatsby-plugin-mdx

### Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configurat ...

Continue Reading
Spring Tips: Learn Spring for GraphQL (parts 1 and 2 of an ongoing series)

Hi, Spring fans! In thi^^^ these installments, we begin a new series introducing the Spring for GraphQL project. In this first installment, GraphQL Java lead [Andi Marek (@andimarek)]() and [ I (@sta ...

Continue Reading
Improper Access Control in wp-graphql

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...

Continue Reading
Gitlab — multiple vulnerabilities

Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potent ...

Continue Reading
Improving the developer experience for Dependabot alerts

At GitHub, we believe in providing developer-first experiences to help you keep your code secure. Since we launched Dependabot alerts nearly four years ago, we’ve alerted users on over 425 million po ...

Continue Reading
Cybersecurity Engineer Guide – Job Description and How to Become

**Introduction** The interest for network security occupations is soaring, but the arrangement is at an incredible insufficient. Experts anticipate a 2021 increment of 3,500,000 empty web-based securi ...

Continue Reading
Thinking beyond SQL injection: OWASP tips for secure database access

_This is part three of GitHub Security Lab’s [series on the OWASP Top 10 Proactive Controls](), where I provide practical guidance for OSS developers and maintainers on improving your security postur ...

Continue Reading
Shopify: Same the Url

## Summary: i found the /graphql path and /performance_report with the post method. when i will create page with name /graphql i am not allowed on the grounds it is reserved but i can create page with ...

Continue Reading

Back to Main

Subscribe for the latest news: