GHSA-428Q-Q3VV-3FQ3 GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like #[ApiProperty(security: 'is_granted("PROPERTY_READ&q ...

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22, a GraphQL grant on a property might be cached with different objects. The ApiPlatformGraphQlSerializer ...

GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: ```php ...

BIT-MLFLOW-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experi ...

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like #[ApiProperty(security: 'is_granted("PROPERTY_READ&q ...

CVE-2025-31481

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed i ...
