CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large qu ...

CVSS2 - MEDIUM
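
The following is an added example, not code from this page or from the graphql project. It is a size-and-shape gate that a server can run over the raw query string before handing the document to graphql-js validation: OverlappingFieldsCanBeMerged compares pairs of fields and fragment spreads within a selection set, so bounding how many of them a single document may contain caps the work that rule can be made to do. The limit values, the function names and the two constructed sample queries are assumptions; the check is defence in depth for the "large queries" case and not a substitute for upgrading to graphql 16.8.1 or later.

```javascript
// Added example (not from the page or the graphql npm package): a cheap
// pre-validation gate that bounds the size and shape of a GraphQL document
// before graphql-js validation runs. Limits below are assumptions; tune them
// to your schema. Defence in depth only: still upgrade graphql to >= 16.8.1.

const DEFAULT_LIMITS = { maxBytes: 16 * 1024, maxDepth: 10, maxFields: 500, maxSpreads: 50 };

// Names that never denote a field in an executable document.
const KEYWORDS = new Set(['query', 'mutation', 'subscription', 'fragment', 'on']);

const isNameStart = (ch) => /[A-Za-z_]/.test(ch);
const isNameChar = (ch) => /[A-Za-z0-9_]/.test(ch);

// Single pass over the raw text: tracks selection-set depth, counts fields and
// fragment spreads. It builds no AST; it only needs to be accurate enough to
// reject clearly oversized documents before the real parser/validator sees them.
function scanQuery(query) {
  const stats = { bytes: new TextEncoder().encode(query).length, depth: 0, fields: 0, spreads: 0 };
  const n = query.length;
  let depth = 0;            // selection-set nesting
  let parens = 0;           // inside argument lists, names are arguments, not fields
  let skipNextName = false; // after '...' or 'on': a fragment name / type condition follows
  let i = 0;
  while (i < n) {
    const c = query[i];
    if (c === '#') {                                   // comment to end of line
      while (i < n && query[i] !== '\n') i++;
    } else if (query.startsWith('"""', i)) {           // block string
      const end = query.indexOf('"""', i + 3);
      i = end < 0 ? n : end + 3;
    } else if (c === '"') {                            // string, honours escapes
      i++;
      while (i < n && query[i] !== '"') i += query[i] === '\\' ? 2 : 1;
      i++;
    } else if (c === '@' || c === '$') {               // directive or variable name
      i++;
      while (i < n && isNameChar(query[i])) i++;
    } else if (query.startsWith('...', i)) {           // fragment spread / inline fragment
      stats.spreads++;
      skipNextName = true;
      i += 3;
    } else if (c === '{') {
      if (parens === 0) { depth++; stats.depth = Math.max(stats.depth, depth); }
      skipNextName = false;                            // inline fragment without type condition
      i++;
    } else if (c === '}') {
      if (parens === 0) depth--;
      i++;
    } else if (c === '(') { parens++; i++; }
    else if (c === ')') { parens--; i++; }
    else if (isNameStart(c)) {
      let j = i;
      while (j < n && isNameChar(query[j])) j++;
      const name = query.slice(i, j);
      let k = j;
      while (k < n && /\s/.test(query[k])) k++;
      const isAlias = query[k] === ':';                // "alias: field" counts as one field
      if (name === 'on') skipNextName = true;
      else if (skipNextName) skipNextName = false;
      else if (depth > 0 && parens === 0 && !KEYWORDS.has(name) && !isAlias) stats.fields++;
      i = j;
    } else {
      i++;
    }
  }
  return stats;
}

// Returns { ok, reason, stats }; the first exceeded limit is reported.
function checkQueryLimits(query, limits = {}) {
  const l = { ...DEFAULT_LIMITS, ...limits };
  const stats = scanQuery(query);
  const checks = [['bytes', l.maxBytes], ['depth', l.maxDepth], ['fields', l.maxFields], ['spreads', l.maxSpreads]];
  for (const [key, max] of checks) {
    if (stats[key] > max) return { ok: false, reason: `${key} ${stats[key]} exceeds limit ${max}`, stats };
  }
  return { ok: true, reason: null, stats };
}

// Constructed sample: an ordinary client query (assumed schema).
const BENIGN_QUERY = `
  query GetUser($id: ID!) {
    user(id: $id) {
      id
      name: displayName        # alias counts once
      ...ProfileFields
      posts(first: 10) { edges { node { id title } } }
    }
  }
  fragment ProfileFields on User { avatar { url } }
`;

// Constructed stress inputs: one very wide selection set (aliased copies of a
// single field) and one very deep nesting. Neither reproduces the CVE itself.
function buildWideQuery(fieldCount) {
  const parts = [];
  for (let i = 0; i < fieldCount; i++) parts.push(`f${i}: id`);
  return `query Wide { user(id: 1) { ${parts.join(' ')} } }`;
}
function buildDeepQuery(levels) {
  return '{ ' + 'a { '.repeat(levels) + 'id' + ' }'.repeat(levels) + ' }';
}

module.exports = { scanQuery, checkQueryLimits, buildWideQuery, buildDeepQuery, BENIGN_QUERY };
```

Run the gate in the HTTP handler before `validate()`, and return a 4xx with the `reason` string; log the `stats` object so that a burst of rejections is visible in detection tooling. The counts are per document, which is what matters for a validation rule that works on the whole document, but the same scan can be extended to per-selection-set counts if a schema legitimately needs wide top-level queries.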

This Week in Spring – September 19th, 2023 (Java 21 Edition)

Hi, Spring fans! Welcome to another installment of _This Week in Spring_ - **Java 21 edition**! The big news, indeed, the _biggest_ news, is that Java 21 is now available here! You should use [SDKMAN] ...

Introducing auto-triage rules for Dependabot

Since the May beta release of our GitHub-curated Dependabot policies that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over ...

CVE-2023-41317

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (Do ...


CVSS3 - MEDIUM
CVSS2 - LOW

Apollo Router Unnamed “Subscription” operation results in Denial-of-Service

### Impact

This is a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following ...

GraphQL Vulnerabilities and Common Attacks: What You Need to Know

GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usag ...
