Red Hat OpenShift Resource Management Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift suffers from a Resource Management Error vulnerability that stems from the presence of a Denial of Service (DoS)...
CraftCMS Security Vulnerability
CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker could exploit the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...
PT-2024-20385 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions...
Silverstripe CMS GraphQL Server Security Vulnerability
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.x prior to 4.3.7 and 5.x prior to 5.1.3, which stems from the ability to bypass privilege checks...
Grackle Security Vulnerability
Grackle is a GraphQL server written in functional Scala from the Typelevel project. A security vulnerability exists in Grackle versions prior to 0.18.0 that stems from the presence of a stack overflow, which could lead to a potential denial of service...
GHSA-G56X-7J6W-G8R8 Grackle has StackOverflowError in GraphQL query processing
Impact Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. !CAUTION No...
GHSA-MVC8-6FFP-JRX5 Authorization bypass in Quarkus
A flaw was found in Quarkus. When a request is received over WebSocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication even though the endpoint is secured. This can allow an attacker to access information and...
PT-2023-30531 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 8.4.2 Description: The issue affects SuiteCRM, a Customer Relationship Management (CRM) software application, where GraphQL introspection is enabled without authentication. This exposes the schema defining all object...
DRUPAL-CONTRIB-2023-050
This module lets you craft and expose a GraphQL schema for Drupal 9 and 10. The module currently does not adequately verify whether a given user has the necessary permissions to access an entity's label creating an access bypass vulnerability. This vulnerability is mitigated by the fact that enti...
Silverstripe CMS GraphQL Server Resource Management Error Vulnerability
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A resource management error vulnerability exists in Silverstripe CMS GraphQL Server, which can be exploited by an attacker to perform a distributed denial-of-service (DDoS) attack...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-0921
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...
PT-2023-24499 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A vulnerability allows unauthenticated attackers to execute queries against the GraphQL database, potentially granting them access to sensitive data stored in the database. However, the vendor disputes this,...
PT-2023-16589 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.4 through 15.6.6 GitLab CE/EE versions 15.7 through 15.7.5 GitLab CE/EE versions 15.8 through 15.8.0 Description: A lack of length validation in GitLab CE/EE allows an authenticated attacker to create a large Issue...
Mercurius Security Vulnerability
Mercurius is a GraphQL adapter for Fastify. A security vulnerability exists in Mercurius versions prior to 10.5.0, which is caused by a denial of service attack when any user sends an incorrectly formatted packet to "/graphql" via WebSocket...
foreman: foreman: OAuth secret exposure via unauthenticated access to the GraphQL API
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...
PT-2022-24863 · Saleor · Saleor
Name of the Vulnerable Software and Affected Versions: Saleor versions prior to 3.1.24 Saleor versions prior to 3.2.14 Saleor versions prior to 3.3.26 Saleor versions prior to 3.4.24 Saleor versions prior to 3.5.23 Saleor versions prior to 3.6.18 Saleor versions prior to 3.7.17 Description: The...
PYSEC-2022-43064
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
Red Hat stackrox Security Vulnerability
Red Hat stackrox is a full lifecycle Kubernetes security solution from Red Hat. It allows you to detect, manage, and mitigate security risks, such as misconfigurations and vulnerabilities (CVEs). A security vulnerability exists in Red Hat stackrox that stems from improper stackrox cleanup. An...
Web-Attack-Cheat-Sheet
It is an offensive tool for web application security testing. The repository contains a comprehensive web attack cheat sheet, covering various techniques for discovering, enumerating, scanning, and monitoring web applications. The tool covers topics such as IP and subdomain enumeration, cache and...