Impact: canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affe ...
January 23, 2024
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data ...
January 23, 2024
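The two Silverstripe entries above describe one bug class: a per-record permission check that runs when the whole result fits in one page but is skipped once the result is paginated. The following is an added illustration of that class, not Silverstripe's own code; the sample records, the canView rule and both resolver shapes are constructed for the example, and the vulnerable resolver is a hypothetical shape that reproduces the described symptom rather than the actual Silverstripe defect.

```javascript
// Added illustration (not Silverstripe's code): a per-record canView check that is
// only applied on the single-page path, so any multi-page result set bypasses it.

// Constructed sample data: seven records with alternating owners.
const RECORDS = Array.from({ length: 7 }, (_, i) => ({
  id: i + 1,
  owner: i % 2 === 0 ? 'alice' : 'bob',
  title: `Document ${i + 1}`,
}));

// Hypothetical canView rule: admins see everything, others only their own records.
function canView(record, user) {
  return Boolean(user.isAdmin) || record.owner === user.name;
}

// Vulnerable shape: the single-page path filters, but the multi-page path was
// written separately (as an optimisation) and never calls canView.
function resolveListVulnerable(records, user, { limit, offset = 0 }) {
  if (records.length <= limit) {
    const nodes = records.filter((r) => canView(r, user));
    return { total: nodes.length, nodes };
  }
  // BUG: raw slice of the unfiltered list; `total` also leaks the true count.
  return { total: records.length, nodes: records.slice(offset, offset + limit) };
}

// Hardened shape: authorise the whole candidate set first, then paginate the
// permitted subset, so neither the nodes nor the total expose hidden records.
function resolveListSecure(records, user, { limit, offset = 0 }) {
  const permitted = records.filter((r) => canView(r, user));
  return { total: permitted.length, nodes: permitted.slice(offset, offset + limit) };
}

// Count records in a returned page that the requesting user should not have seen.
function leakedCount(result, user) {
  return result.nodes.filter((r) => !canView(r, user)).length;
}

// Stand-alone demonstration: bob asks for two records per page.
function demo() {
  const bob = { name: 'bob', isAdmin: false };
  const args = { limit: 2, offset: 0 };
  const vulnerable = resolveListVulnerable(RECORDS, bob, args);
  const secure = resolveListSecure(RECORDS, bob, args);
  return {
    vulnerableLeaked: leakedCount(vulnerable, bob), // 1: alice's Document 1 is exposed
    vulnerableTotal: vulnerable.total,              // 7: true count leaks too
    secureLeaked: leakedCount(secure, bob),         // 0
    secureTotal: secure.total,                      // 3: only bob's records
  };
}

console.log(JSON.stringify(demo()));
```

The check a reviewer would add to a GraphQL resolver test suite is exactly `leakedCount`: request every page as a low-privilege user and assert it is zero on each, since the single-page case passes even in the vulnerable shape.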
Deciphering the Cloud Conundrum: An Introduction to tRPC & GraphQL. Cloud-native development offers two important approaches to building APIs: tRPC and GraphQL ...
January 22, 2024
@alpernae was able to demonstrate that the Enjin Platform's GraphQL interface was missing the appropriate CSRF protection when using a session token. The attack is performed by crafting a malicio ...
January 19, 2024
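The Enjin entry above is the classic cookie-session CSRF problem applied to a GraphQL endpoint: the browser attaches the session cookie to any cross-site request, so the server must require proof that the request came from its own front end. The guard below is an added example and not Enjin's code; the trusted-origin list, the request object shape and the "cookie sessions must be POST" rule are assumptions made for the example.

```javascript
// Added example (not Enjin's code): a CSRF guard for a GraphQL endpoint that
// accepts a browser session cookie. Run it before the query is parsed or executed.

const TRUSTED_ORIGINS = new Set(['https://app.example.com']); // assumed deployment

// req is a plain object: { method, headers (lower-cased names), cookies }.
// Returns { allow, reason } so the decision can be logged.
function csrfGuard(req) {
  const h = req.headers || {};
  const hasSessionCookie = Boolean(req.cookies && req.cookies.session);
  const auth = typeof h['authorization'] === 'string' ? h['authorization'] : '';

  // Header-borne credentials cannot be attached by a cross-site form or image
  // tag, so the bearer path needs no CSRF check. Anonymous requests pass here
  // and are authorised (or rejected) by the resolvers themselves.
  if (!hasSessionCookie) {
    return { allow: true, reason: auth.startsWith('Bearer ') ? 'bearer token' : 'no credentials' };
  }

  // From here on the browser attached the cookie automatically, so the request
  // must show that our own front end issued it.

  // 0. Design choice for this example: cookie sessions may only use POST, since
  //    SameSite=Lax cookies are still sent on top-level cross-site GET navigations.
  if (req.method !== 'POST') {
    return { allow: false, reason: `method ${req.method} with session cookie` };
  }

  // 1. A cross-site form or no-cors fetch can only send "simple" content types
  //    (form-encoded, multipart, text/plain). Insist on JSON.
  const contentType = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (contentType !== 'application/json') {
    return { allow: false, reason: `content-type ${contentType || '(none)'} with session cookie` };
  }

  // 2. Sec-Fetch-Site is set by the browser and cannot be spoofed by a page.
  const site = h['sec-fetch-site'];
  if (site && site !== 'same-origin' && site !== 'none') {
    return { allow: false, reason: `sec-fetch-site=${site}` };
  }

  // 3. Origin must be one of ours. Browsers send it on POST; a missing Origin on a
  //    cookie-authenticated request is treated as untrusted (conservative choice).
  //    This also catches JSON posts let through by an over-permissive CORS policy.
  const origin = h['origin'];
  if (!origin || !TRUSTED_ORIGINS.has(origin)) {
    return { allow: false, reason: `origin ${origin || '(none)'} not trusted` };
  }

  return { allow: true, reason: 'same-origin session request' };
}

// Constructed sample requests, labelled by what they model.
const SAMPLE_REQUESTS = {
  // A hidden auto-submitting <form> on an attacker page; the browser adds the cookie.
  maliciousFormPost: {
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded', origin: 'https://evil.example' },
    cookies: { session: 'abc' },
  },
  // Cross-site fetch() with credentials, as seen when CORS is misconfigured.
  crossSiteJson: {
    method: 'POST',
    headers: { 'content-type': 'application/json', origin: 'https://evil.example', 'sec-fetch-site': 'cross-site' },
    cookies: { session: 'abc' },
  },
  // The real front end.
  legitimate: {
    method: 'POST',
    headers: { 'content-type': 'application/json', origin: 'https://app.example.com', 'sec-fetch-site': 'same-origin' },
    cookies: { session: 'abc' },
  },
  // API client with a bearer token and no cookie: Origin is irrelevant.
  bearerClient: {
    method: 'POST',
    headers: { 'content-type': 'application/json', authorization: 'Bearer tok', origin: 'https://evil.example' },
    cookies: {},
  },
};

function demo() {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) out[name] = csrfGuard(req);
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

The order matters: the content-type check alone is not enough once CORS reflects arbitrary origins with credentials, and the Origin check alone is weak against clients that omit the header, so the guard layers all three signals and fails closed.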
@evershop/evershop is vulnerable to Improper Authorization. The vulnerability is due to a lack of authorization checks when accessing GraphQL endpoints, allowing remote attackers to extract sensiti ...
January 18, 2024
Lack of authentication in the NPM package @evershop/evershop before version 1.0.0-rc.9 allows remote attackers to obtain sensitive information via improper authorization in GraphQL ...
January 16, 2024
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
January 16, 2024