Lucene search
+L

HackerOne: GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend

🗓️ 20 Feb 2020 03:25:44Reported by jobertType 
hackerone
 hackerone
🔗 hackerone.com👁 46 Views

HackerOne exposed Payments backend security vulnerability due to lack of encoding in GraphQL node interface, enabling parameter injectio

Related
ReporterTitlePublishedViews
Family
cve
CVE-2020-8151
12 May 202013:01
cve
cvelist
CVE-2020-8151
12 May 202013:01
cvelist
debiancve
CVE-2020-8151
12 May 202013:01
debiancve
euvd
EUVD-2020-0408
7 Oct 202500:30
euvd
fedora
[SECURITY] Fedora 33 Update: rubygem-activeresource-5.1.1-1.fc33
25 Sep 202017:10
fedora
github
Information disclosure issue in Active Resource
21 May 202021:09
github
gitlab
Information disclosure issue in Active Resource
21 May 202000:00
gitlab
hackerone
Ruby on Rails: Missing resource identifier encoding may lead to security vulnerabilities
24 Feb 202020:41
hackerone
nvd
CVE-2020-8151
12 May 202013:15
nvd
openvas
Fedora: Security Advisory for rubygem-activeresource (FEDORA-2020-02646284df)
26 Sep 202000:00
openvas
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation