Hi, Spring fans! Welcome to another installment of _This Week in Spring_! How are you? It's September 26th, 2023, and I am in sunny Singapore for SpringOne at VMWare Explore Singapore. If you're aroun ...
Continue Reading
December 15, 2023
### Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql ...
Continue Reading
December 15, 2023
org.springframework.graphql:spring-graphql is vulnerable to Information Disclosure. The vulnerability is due to an issue where an application provides a `DataLoaderOptions` instance when registering b ...
Continue Reading
December 15, 2023
silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allow ...
Continue Reading
December 15, 2023
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL ...
Continue Reading
December 15, 2023
Hi, Spring fans! Welcome to another installment of _This Week in Spring_! How are you? It's September 26th, 2023, and I am in sunny Singapore for SpringOne at VMWare Explore Singapore. If you're aroun ...
Continue Reading
December 15, 2023
Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosur ...
Continue Reading
December 15, 2023
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large qu ...
Continue Reading
December 15, 2023
Back to Main
