1233 matches found
CVE-2015-10043 abreen Apollo path traversal
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The...
PT-2023-10222 · Unknown · Abreen Apollo
Name of the Vulnerable Software and Affected Versions: abreen Apollo (affected versions not specified). Description: A critical vulnerability was found in abreen Apollo, affecting an unknown part. The manipulation of the file argument leads to path traversal. Recommendations: To fix this issue, it i...
abreen Apollo path traversal vulnerability
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload course assignments. A path traversal vulnerability exists in abreen Apollo. It affects an unknown part, where manipulation of a parameter...
Null pointer dereference
Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...
HTTP Request Smuggling
apollo-server is vulnerable to HTTP request smuggling. The vulnerability exists because the library does not properly set the cache-control response header in the batched HTTP requests, allowing an attacker to smuggle HTTP requests...
Batched HTTP requests may set incorrect `cache-control` response header
Impact: In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...
GHSA-8R69-3CVP-WXC3 Batched HTTP requests may set incorrect `cache-control` response header
Impact: In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...
@a11ywatch/a11ywatch (>=0.1.0 <=0.1.65), @a11ywatch/core (>=0.4.52 <=0.5.158) +11 more potentially affected by unknown CVE via apollo-server-core (>=3.10.0 <=3.10.4)
apollo-server-core NPM version =3.10.0, =0.1.0, =0.4.52, =0.1.0-alpha.0, =0.1.0-alpha.1, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.1.0-alpha.0, =10.7.1, =9.0.0, =2.0.0-beta.7, =1.0.0, =4.13.1, =1.3.0-beta.2, =2.0.0-beta.2 Source cves: unknown CVE Source advisory: OSV:GHSA-8R69-3CVP-WXC3...
PT-2022-28222 · Unknown · Apollo Server
Name of the Vulnerable Software and Affected Versions: Apollo Server versions 3.0.0 through 3.10.0; Apollo Server versions 4.0.0 through 4.0.0. Description: The cache-control HTTP response header may not reflect the cache policy for HTTP requests with multiple operations using HTTP batching. This...
Malicious code in @nexthink/apollo-components (npm)
Source: ghsa-malware 3596f839602da6a9bf358c4e2d46e8b16727da99621ec65e3986e417e8f6186b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nexthink/apollo-tokens (npm)
Source: ghsa-malware faa168f6a74af14b39193cdea04f9798ab2d20f8ad531d396b5207580e9fc5b6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-456 Malicious code in @nexthink/apollo-tokens (npm)
Source: ghsa-malware faa168f6a74af14b39193cdea04f9798ab2d20f8ad531d396b5207580e9fc5b6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nexthink/apollo-widgets (npm)
Source: ghsa-malware 2442bca6d9a3dd356ea5faa389a7389021876ef535ddd23ff709bb803655af2b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-2P3C-P3QW-69R4 The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Impact: The graphql-upload npm package can execute GraphQL operations contained in content-type: multipart/form-data POST requests. Because they are POST requests, they can contain GraphQL mutations. Because they use content-type: multipart/form-data, they can be "simple requests" which are not...
@aerogear/voyager-metrics (>=0.7.2-dev.409.01ecc9f.0 <=0.7.2-dev.411.7aaa5a6.0), @aerogear/voyager-server (>=0.7.2-dev.409.01ecc9f.0 <=0.9.1-dev.435.8d846ff.0) +47 more potentially affected by unknown CVE via apollo-server (>=2.0.0 <=2.25.3)
apollo-server NPM version =2.0.0, =0.7.2-dev.409.01ecc9f.0, =0.7.2-dev.409.01ecc9f.0, =2018.8.29-0, =2018.8.28-0, =1.0.0, =0.10.0, =0.0.9, =0.0.11, =0.0.0-alpha.1, =0.0.0-alpha.7, =0.0.0-alpha.3, =3.17.0, =0.0.0-alpha.7, =0.0.0-alpha.7, =3.23.3 and more Source cves: unknown CVE Source advisory:...
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Impact: The graphql-upload npm package can execute GraphQL operations contained in content-type: multipart/form-data POST requests. Because they are POST requests, they can contain GraphQL mutations. Because they use content-type: multipart/form-data, they can be "simple requests" which are not...
PT-2022-28174 · Apollo · Apollo Server 2 +1
Name of the Vulnerable Software and Affected Versions: Apollo Server 2 versions prior to 2.25.4; Apollo Server versions that manually integrate with graphql-upload and do not have CSRF prevention enabled. Description: The graphql-upload npm package can execute GraphQL operations contained in...
apollo-core.com Cross Site Scripting vulnerability OBB-2935656
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...