A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
September 20, 2023
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large qu ...
September 20, 2023
Hi, Spring fans! Welcome to another installment of _This Week in Spring_ - **Java 21 edition**! The big news, indeed, the _biggest_ news, is that Java 21 is now available here! You should use [SDKMAN] ...
September 19, 2023
Since the May beta release of our [GitHub-curated Dependabot policies]() that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over ...
September 15, 2023
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (Do ...
September 09, 2023
### Impact This is a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following ...
September 07, 2023
GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usag ...
September 05, 2023