11 matches found
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2021-47959
WPGraphQL 1.3.5 is affected by a DoS vulnerability: unauthenticated attackers can exhaust server resources by sending batched GraphQL queries with duplicated fields, potentially causing OOM conditions and MySQL connection errors. The provided documents do not include a confirmed patch version or ...
EUVD-2021-34814
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
PT-2026-41340
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...
Denial of service through batched queries in GraphQL
This report is not public...
WordPress WPGraphQL 1.3.5 Denial Of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
WPGraphQL < 1.3.6 - Denial of Service
The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...
WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...
WPGraphQL < 1.3.6 - Denial of Service
The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...