When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests unti ...
Continue Reading
December 15, 2023
Summary IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross- ...
Continue Reading
December 15, 2023
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through...Read More ...
Continue Reading
December 15, 2023
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized too ...
Continue Reading
December 15, 2023
Geth (aka go-ethereum) through 1.13.4, when `--http --graphql` is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the ...
Continue Reading
December 15, 2023
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object type ...
Continue Reading
December 15, 2023
Summary: Hello team, While testing the analytics reports functionality for an organization, I realized that organization members can delete reports created for a team they have no access to. If an or ...
Continue Reading
December 15, 2023
Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosur ...
Continue Reading
December 15, 2023
Back to Main
