A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause rem ...
March 14, 2025
GitLab reports: CVE-2025-25291 and CVE-2025-25292 (third party gem ruby-saml); CVE-2025-27407 (third party gem graphql); Denial of Service Due to Inefficient Processing of Untrusted Input; Credentials di ...
March 14, 2025
Loading a malicious schema definition in GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can result in remote code execution. Any system which loads a schema by JSON from an untru ...
March 13, 2025
Summary: Loading a malicious schema definition in GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can result in remote code execution. Any system which loads a schema by JSON from ...
March 13, 2025
Summary: Loading a malicious schema definition in GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can result in remote code execution. Any system which loads a schema by JSON from ...
March 12, 2025
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition i ...
March 12, 2025