Summary IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross- ...
Continue Reading
December 15, 2023
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog p ...
Continue Reading
December 15, 2023
Geth (aka go-ethereum) through 1.13.4, when `--http --graphql` is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the ...
Continue Reading
December 15, 2023
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through...Read More ...
Continue Reading
December 15, 2023
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentic ...
Continue Reading
December 15, 2023
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to doHandle function in SmallRyeGraphQLOverWebSocketHandler.java file there are no checks to ensure that the us ...
Continue Reading
December 15, 2023
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object type ...
Continue Reading
December 15, 2023
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading ...
Continue Reading
December 15, 2023
Back to Main
