Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the v ...
Continue ReadingDecember 15, 2023
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the v ...
Continue ReadingDecember 15, 2023
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog p ...
Continue ReadingDecember 15, 2023
Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosur ...
Continue ReadingDecember 15, 2023
When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests unti ...
Continue ReadingDecember 15, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue ReadingDecember 15, 2023
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog p ...
Continue ReadingDecember 15, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue ReadingDecember 15, 2023
Back to Main