GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.Read More ...
Continue Reading
December 15, 2023
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large qu ...
Continue Reading
December 15, 2023
silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allow ...
Continue Reading
December 15, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap ...
Continue Reading
December 15, 2023
The GraphQL module enables you to build GraphQL APIs which can include data fetching through Queries and data updates (create, update, delete) through mutations. The module does not sufficiently valid ...
Continue Reading
December 15, 2023
Summary: Hello team, While testing the analytics reports functionality for an organization, I realized that organization members can delete reports created for a team they have no access to. If an or ...
Continue Reading
December 15, 2023
Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosur ...
Continue Reading
December 15, 2023
@graphql-mesh/runtime is vulnerable to Denial Of Service (DoS). This vulnerability exists due to improper transforms at the root level, allowing an attacker to send duplicate queries with different va ...
Continue Reading
December 15, 2023
Back to Main
