Lucene search
K

8 matches found

OSV
OSV
added 2026/05/04 10:22 p.m.4 views

GHSA-FC86-6RV6-2JPM webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments

Summary OverlappingFieldsCanBeMerged validation rule has On^2 x m^2 worst case via flattened inline fragments. The CVE-2023-26144 named-fragment cache does not cover inline fragments. A 364 KB query 200 outer x 100 inner inline fragments consumes 117 seconds of CPU per request, with no comparison...

7.5CVSS5.9AI score
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 9:30 p.m.29 views

Security Bulletin: IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKE...

6.5CVSS7AI score0.01198EPSS
Exploits2Affected Software1
Circl
Circl
added 2023/09/20 12:30 p.m.6 views

CVE-2023-26144

creationtimestamp| type| source ---|---|--- 2023-09-20 12:30:12+00:00| seen| https://t.me/cibsecurity/70785...

5.3CVSS6.1AI score0.01198EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/09/20 6:30 a.m.4 views

0xsodium (>=0.0.0 <=1.48.0), 3extensions (=1.0.1) +965 more potentially affected by CVE-2023-26144 via graphql (>=16.3.0 <=16.8.0)

graphql NPM version =16.3.0, =0.0.0, =0.0.1, =0.0.0, =0.0.0, =0.0.1, =1.16.13, =1.8.5, =1.1.12, =1.6.23, =1.16.6, =1.1.12, =1.8.5, =1.16.33, =1.0.0, =1.17.12-beta-20260420-075606-d7d7a9c7 and more Source cves: CVE-2023-26144 Source advisory: OSV:GHSA-9PV7-VFVM-6VR7...

5.3CVSS6.3AI score0.01198EPSS
Exploits1
NVD
NVD
added 2023/09/20 5:15 a.m.23 views

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

5.3CVSS5.4AI score0.01198EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/09/20 5:15 a.m.31 views

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

5.3CVSS6.4AI score0.01198EPSS
Exploits1References6
CVE
CVE
added 2023/09/20 5:0 a.m.2667 views

CVE-2023-26144

CVE-2023-26144 affects the graphql package: versions 16.3.0 and earlier are vulnerable, with the issue fixed in 16.8.1. Root cause is insufficient checks in OverlappingFieldsCanBeMergedRule.ts when parsing large queries, enabling Denial of Service and degraded performance. The description notes t...

5.3CVSS5AI score0.01198EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2023/09/20 5:0 a.m.38 views

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

5.3CVSS5.4AI score0.01198EPSS
Exploits1References5
Rows per page
Query Builder