# Description There is a significant timing difference in the login functionality for valid and invalid usernames. # Proof of Concept Steps to reproduce: ``` 1. Attempt a Login with a valid user and a ...

Continue Reading

September 17, 2022

graphql-java before 19.0, 18.3, and 17.4 is vulnerable to Denial of Service. An attacker send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0, 18.3, and 17.4.Read Mo ...

Continue Reading

September 16, 2022

graphql-java is vulnerable to denial-of-service. The vulnerability exists because of the missing sanitizations in the `parseDocumentImpl` function in `Parser.java` which allows a remote attacker to ca ...

Continue Reading

September 15, 2022

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation.Read More ...

Continue Reading

September 14, 2022

graphql-java before19.0 is vulnerable to Denial of Service. An attacker send a malicious GraphQL query that consumes CPU resources.Read More ...

Continue Reading

September 12, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3coeALero1wRwlbO8fdCsRJb6vNXDDPR1k1qaBCetTgspHlHADZCeqSnouS7FmTGZdx2nMe-280zsAruBYIsOQnFfxb41CNNCwHWBmgYHNB_mLkwsdx-JtTJPZQ8dJB47eDgV03 ...

Continue Reading

September 10, 2022

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a ...

Continue Reading

September 08, 2022

> _Article by Jiju Jacob, Director of Engineering at Revenera_ [_This is an update of Mr. Jacobs’ 05/23 post in his _[_Medium blog_]()_. He is a Director of Engineering at Revenera. _[_Revenera_]( ...

Continue Reading

September 08, 2022