An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...
Continue Reading
June 23, 2022
At GitHub, we draw on our own experience using GitHub to build GitHub. As an example of this, we use a number of GitHub Advanced Security features internally. This post covers how we rolled out Depend ...
Continue Reading
June 23, 2022
Not only is RSAC back in person, but [API security]() is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new A ...
Continue Reading
June 23, 2022
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.Read More ...
Continue Reading
June 23, 2022
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...
Continue Reading
June 23, 2022
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...
Continue Reading
June 23, 2022
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.Read More ...
Continue Reading
June 23, 2022
Hi, Spring fans! In thi^^^ these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead [Rossen Stoyanchev (@rstoya05)]() - whose ...
Continue Reading
June 23, 2022
Back to Main
