3 matches found
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...
Allocation of Resources Without Limits or Throttling
Overview @escape.tech/graphql-armor-max-depth is a Limit the depth allowed in a GraphQL query. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function when the ignoreIntrospection configuration is enabled. An attacker ca...