Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVmwareCVELIST:CVE-2023-34047
HistorySep 20, 2023 - 9:09 a.m.

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

2023-09-2009:09:12
vmware
raw.githubusercontent.com
2
cve-2023-34047
data exposure
identity exposure
spring
graphql
batch loader
dataloaderoptions

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

JSON

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptionsย instance when registering batch loader functions through DefaultBatchLoaderRegistry.

Related

osv 2
veracode 1
github 1
prion 1
cve 1
osv
osv
CVE-2023-34047
2023-09-20 10:15:14
Spring for GraphQL may be exposed to GraphQL context with values from a different session
2023-09-20 12:30:22
veracode
veracode
Information Disclosure
2023-09-25 08:52:53
github
github
Spring for GraphQL may be exposed to GraphQL context with values from a different session
2023-09-20 12:30:22
prion
prion
Code injection
2023-09-20 10:15:00
cve
cve
CVE-2023-34047
2023-09-20 10:15:14

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

JSON
Related for CVELIST:CVE-2023-34047
osv2veracode1github1prion1cve1