A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue Reading
December 15, 2023
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS att ...
Continue Reading
December 15, 2023
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL ...
Continue Reading
December 15, 2023
When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests unti ...
Continue Reading
December 15, 2023
org.springframework.graphql:spring-graphql is vulnerable to Information Disclosure. The vulnerability is due to an issue where an application provides a `DataLoaderOptions` instance when registering b ...
Continue Reading
December 15, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue Reading
December 15, 2023
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.Read More ...
Continue Reading
December 15, 2023
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large qu ...
Continue Reading
December 15, 2023
Back to Main
