@keystone-6/core is vulnerable to Improper Access Control. The vulnerability exists when the `ui.isAccessAllowed` parameter in the `KeystoneMeta` function of `adminMetaSchema.ts` is set as `undefined` ...
August 18, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
August 15, 2023
### Summary When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible, that is to say, no session is required for the query. This is different to the behaviour of ...
August 15, 2023
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) a ...
August 15, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. ...
August 15, 2023
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initiali ...
August 15, 2023
** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: t ...
August 15, 2023