5 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...
CVE-2026-3118 Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118
The CVE covers CVE-2026-3118 affecting the Orchestrator Plugin in Red Hat Developer Hub (Backstage). The root cause is insufficient input validation in GraphQL query handling, allowing an authenticated user to inject crafted input that disrupts backend query processing and triggers a platform-wid...
CVE-2026-3118 Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
ebram_web_scanner
EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...