In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44 ...

Continue Reading

March 27, 2023

Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesn't sufficiently check access wh ...

Continue Reading

March 27, 2023

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44 ...

Continue Reading

March 27, 2023

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44 ...

Continue Reading

March 27, 2023

[![](https://blogger.googleusercontent.com/img/a/AVvXsEgL3MLHu1cARwXIirYVPLX_4TlTK1evGLBNS7jVThufKErSdgIWSx7KQkobRZxVEvGnEi74WWDJ1cziEoefKuvYGqRyDMmQ88CNopkcs5ppKa3rqEqmskizyvmfCyrrR35j97E6sHFYbvqy2Xw ...

Continue Reading

March 26, 2023

ICYMI, we recently presented **A CISOs Guide to the New 2023 OWASP API Security Update**. In this first of two planned webinars, Stepan Ilyin and Tim Ebbers provided an overview of what’s in and ...

Continue Reading

March 23, 2023

Hi, Spring fans! Welcome to another rip roaring installment of _This Week in Spring_! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course ...

Continue Reading

March 21, 2023

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading

March 17, 2023