silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS att ...
Continue Reading
December 15, 2023
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentic ...
Continue Reading
December 15, 2023
github.com/ethereum/go-ethereum is vulnerable to Denial of Service. This vulnerability exists when ` --http --graphql` is used which allows an attacker to cause an application crash via a crafted Grap ...
Continue Reading
December 15, 2023
Mastering the Essential Elements of Services-Focused Programming The methodology of programming using tiny, interdependent software units, often simplified to 'Microservices', has seen a mar ...
Continue Reading
December 15, 2023
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object type ...
Continue Reading
December 15, 2023
**Summary:** Hello HackerOne security team :-) For a while now I have been monitoring H1 js files. I've just noticed some new GraphQL queries about `HackerOne Copilot`. While this feature has not yet ...
Continue Reading
December 15, 2023
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS att ...
Continue Reading
December 15, 2023
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the v ...
Continue Reading
December 15, 2023
Back to Main
