12 matches found
CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
Server-Side Request Forgery (SSRF)
markhuot/craftql is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of external requests in the GetAssetsFieldSchema component, which allows an attacker to trigger unauthorized requests and potentially execute arbitrary code...
Craftql vulnerable to Server-Side Request Forgery
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
EUVD-2026-23428
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
GHSA-8WMW-PRW8-2GGM Craftql vulnerable to Server-Side Request Forgery
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
craftql 安全漏洞
Craftql is a server developed by Mark Huot, an individual developer, that provides GraphQL interfaces for the Craft CMS. Versions of Craftql 1.3.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the...
PT-2026-33454
Name of the Vulnerable Software and Affected Versions Craftql versions prior to 1.3.8 Description Server-Side Request Forgery SSRF allows an attacker to execute arbitrary code via the 'vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php' file. Recommendations Update to a version newer...
CVE-2026-31317
CVE-2026-31317 affects Craftql v1.3.7 and earlier. The root cause is a Server-Side Request Forgery (SSRF) vulnerability in vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php, which can allow an attacker to execute arbitrary code. Public references consistently describe SSRF as the imp...
CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...
CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...