Code injection

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the v ...

Continue Reading
CVE-2023-42319

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the v ...

Continue Reading
Unlocking Seamless API Security: Revenera’s Journey with Wallarm

In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog p ...

Continue Reading
Pimcore Demo Allows GraphQL Introspection

Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosur ...

Continue Reading
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests unti ...

Continue Reading
Code injection

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...

Continue Reading
Unlocking Seamless API Security: Revenera’s Journey with Wallarm

In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog p ...

Continue Reading
CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...

Continue Reading

Back to Main

Subscribe for the latest news: