
3128 matches found

Positive Technologies
added 2024/10/22 12:00 a.m. · 9 views

PT-2024-34133 · Graphql +1

Name of the Vulnerable Software and Affected Versions: GraphQL (affected versions not specified). Description: A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available...

CVSS 9.9 · AI score 6.1 · EPSS 0.97781
Exploits 20 · References 140
vulnersOsv
added 2024/10/18 6:30 a.m. · 5 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-runner (>=0.1.1 <=0.112.0) +4775 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=6.1.0 <=6.1.13)

org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

CVSS 5.3 · AI score 6.4 · EPSS 0.00631
Exploits 1
Tenable Nessus
added 2024/10/17 12:00 a.m. · 19 views

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2 CSRF

According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site request forgery vulnerability that is mitigated by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbragqlenabledangerousdeprecatedgetmethodwillberemoved, has been introduced to control these...

CVSS 6.5 · AI score 6.2 · EPSS 0.00465
Exploits 0 · References 6
Zero Day Initiative
added 2024/10/11 12:00 a.m. · 10 views

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql...

CVSS 6.5 · AI score 6.1 · EPSS 0.00465
Exploits 0 · References 1
RedHat Linux
added 2024/10/10 1:43 p.m. · 39 views

Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 9.2 · AI score 7.1 · EPSS 0.03278
Exploits 2 · References 1
RedHat Linux
added 2024/10/10 1:43 p.m. · 5 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 5.3 · AI score 5.7 · EPSS 0.00943
Exploits 2 · References 10
RedHat Linux
added 2024/10/10 11:49 a.m. · 4 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 5.3 · AI score 5.7 · EPSS 0.00943
Exploits 2 · References 10
RedHat Linux
added 2024/10/10 11:49 a.m. · 32 views

Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6.SP1 Security Update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 9.2 · AI score 7.1 · EPSS 0.03278
Exploits 2 · References 3
RedhatCVE
added 2024/10/09 1:12 a.m. · 19 views

CVE-2024-6861

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys, which could result in a compromise of the entire product's API. Mitigation: To mitigate this...

CVSS 7.5 · AI score 6.8 · EPSS 0.00658
Exploits 0 · References 5
vulnersOsv
added 2024/10/03 6:27 p.m. · 2 views

apollo-gateway-rs (>=0.7.5 <=0.7.6), aqlgen (>=0.1.0 <=0.8.0) +83 more potentially affected by CVE-2024-47614 via async-graphql (>=1.13.4 <=6.0.11)

async-graphql CARGO version =1.13.4, =0.7.5, =0.1.0, =0.1.0, =0.1.0, =0.0.1-alpha+3, =0.1.0, =2.9.13, =4.0.3, =0.1.0-beta.0, =2.9.12, =0.2.0, =1.14.10, =0.1.0, =0.4.4 and more Source cves: CVE-2024-47614 Source advisory: OSV:GHSA-5GC2-7C65-8FQ8...

CVSS 7.5 · AI score 5.4 · EPSS 0.00553
Exploits 0
OSV
added 2024/10/03 6:27 p.m. · 11 views

GHSA-5GC2-7C65-8FQ8 async-graphql Directive Overload

Impact:
- Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime.
- Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure.
- User Experience...

CVSS 8.7 · AI score 7.6 · EPSS 0.00553
Exploits 0 · References 4
NVD
added 2024/10/03 3:15 p.m. · 18 views

CVE-2024-47614

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

CVSS 7.5 · EPSS 0.00553
Exploits 0 · References 2
Vulnrichment
added 2024/10/03 2:29 p.m. · 35 views

CVE-2024-47614 async-graphql vulnerable to Directive Overload

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

CVSS 7.5 · AI score 7.4 · EPSS 0.00553
Exploits 0 · References 2
CVE
added 2024/10/03 2:29 p.m. · 86 views

CVE-2024-47614

The CVE-2024-47614 issue affects the Rust GraphQL server library async-graphql prior to version 7.0.10. The vulnerability arises because it does not limit the number of directives for a field, which can lead to Service Disruption, Resource Exhaustion, and degraded User Experience. Affected so...

CVSS 7.5 · AI score 7.4 · EPSS 0.00553
Exploits 0 · References 2
Cvelist
added 2024/10/03 2:29 p.m. · 26 views

CVE-2024-47614 async-graphql vulnerable to Directive Overload

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

CVSS 7.5 · EPSS 0.00553
Exploits 0 · References 2
OSV
added 2024/10/03 2:29 p.m. · 22 views

CVE-2024-47614 async-graphql vulnerable to Directive Overload

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

CVSS 7.5 · AI score 6.6 · EPSS 0.00553
Exploits 0 · References 4
Positive Technologies
added 2024/10/03 12:00 a.m. · 4 views

PT-2024-32674

Name of the Vulnerable Software and Affected Versions: async-graphql versions prior to 7.0.10. Description: The issue is related to the async-graphql library, a GraphQL server implemented in Rust, where it does not limit the number of directives for a field. This can lead to Service Disruption,...

CVSS 8.7 · AI score 5.8 · EPSS 0.00553
Exploits 0 · References 13
CNNVD
added 2024/10/03 12:00 a.m. · 4 views

async-graphql security vulnerability

async-graphql is a fully compliant, high-performance GraphQL server library from the async-graphql open source project. A security vulnerability exists in async-graphql versions prior to 7.0.10 that stems from the number of directives on a field not being limited, which could lead to service disruption, resourc...

CVSS 7.5 · AI score 6.8 · EPSS 0.00553
Exploits 0 · References 3
RedhatCVE
added 2024/09/27 8:40 a.m. · 26 views

CVE-2024-40094

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 7.5 · AI score 7 · EPSS 0.00943
Exploits 2 · References 9
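The introspection entries above (PT-2024-34133, foreman CVE-2024-6861, graphql-java CVE-2024-40094) and the async-graphql directive-overload entries (CVE-2024-47614) share one mitigation: inspect the document before executing it, and refuse what the caller is not entitled to or what would cost too much. The following is an added example, not code from any advisory or project listed here. It uses a small hand-rolled tokenizer (an assumption: enough of the GraphQL grammar for selection sets, aliases, arguments, directives and fragments, not a full parser) so that it runs on the standard library alone; the numeric limits, the `caller_is_admin` flag and the sample documents are constructed for illustration.

```python
"""Pre-execution guard for GraphQL documents: gate introspection, cap directives and depth.

Added example (not code from any advisory or project on this page).
The tokenizer is an assumption: it covers selection sets, aliases, arguments,
directives and fragments, which is enough for these checks, but it is not a
full GraphQL parser.
"""
import re
from dataclasses import dataclass

_TOKEN = re.compile(
    r'"""[\s\S]*?"""'                    # block string
    r'|"(?:\\.|[^"\\\n])*"'              # string
    r'|#[^\r\n]*'                        # comment
    r'|\.\.\.'                           # fragment spread / inline fragment
    r'|[_A-Za-z][_0-9A-Za-z]*'           # name
    r'|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?' # number
    r'|[{}()\[\]:@$=!|&]'                # punctuators (commas are insignificant and skipped)
)
_NAME = re.compile(r'[_A-Za-z][_0-9A-Za-z]*$')
INTROSPECTION_ROOTS = {"__schema", "__type"}   # __typename is harmless and is not flagged


@dataclass(frozen=True)
class Stats:
    introspection: bool            # document selects __schema or __type
    max_directives_per_field: int  # highest directive count on a single node
    max_depth: int                 # nesting of selection sets; the root set is depth 1


def analyze(document: str) -> Stats:
    toks = [t for t in _TOKEN.findall(document) if not t.startswith("#")]
    depth = max_depth = 0
    in_args = 0                    # parenthesis nesting: argument lists are skipped entirely
    current = max_directives = 0   # directives seen on the node being parsed
    introspection = False
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "(":
            in_args += 1
        elif t == ")":
            in_args -= 1
        elif in_args:
            pass                   # argument values, including object literals, never count
        elif t == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif t == "}":
            max_directives = max(max_directives, current)
            current = 0
            depth -= 1
        elif t == "@":
            current += 1           # '@' NAME is one directive on the current node
            i += 1                 # skip the directive name
        elif t == "..." or _NAME.match(t):
            max_directives = max(max_directives, current)   # a new node begins here
            current = 0
            if i + 1 < len(toks) and toks[i + 1] == ":":
                i += 2             # alias: the real field name is the next token
                t = toks[i] if i < len(toks) else ""
            if depth > 0 and t in INTROSPECTION_ROOTS:
                introspection = True
        i += 1
    return Stats(introspection, max(max_directives, current), max_depth)


def check(document: str, *, caller_is_admin: bool = False,
          max_directives: int = 10, max_depth: int = 15) -> tuple[bool, str]:
    """Return (allowed, reason). Introspection is limited to administrators;
    every request is bounded in directives per node and in nesting depth."""
    s = analyze(document)
    if s.introspection and not caller_is_admin:
        return False, "introspection is restricted to authenticated administrators"
    if s.max_directives_per_field > max_directives:
        return False, f"{s.max_directives_per_field} directives on one field exceeds {max_directives}"
    if s.max_depth > max_depth:
        return False, f"selection depth {s.max_depth} exceeds {max_depth}"
    return True, "ok"


# Constructed sample documents (not taken from any advisory).
BENIGN = "{ user(id: 1) { name @include(if: true) } }"
INTROSPECTION = "query { __schema { types { name } } }"
ALIASED_INTROSPECTION = "{ s: __schema { queryType { name } } }"
DIRECTIVE_OVERLOAD = "{ user { name " + "@skip(if: false) " * 50 + "} }"

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("introspection", INTROSPECTION),
                      ("aliased introspection", ALIASED_INTROSPECTION),
                      ("directive overload", DIRECTIVE_OVERLOAD)]:
        print(f"{name:22s} {analyze(doc)}  anonymous -> {check(doc)}")
```

Run as a script it prints the statistics and the anonymous-caller verdict for each sample. Aliasing `__schema` does not hide it, because the alias precedes the colon and the real field name is what gets checked; `__typename` is deliberately left alone. The directive cap counts per node (operation, field or fragment spread), which is the shape CVE-2024-47614 describes, and the depth cap bounds the deeply nested introspection documents the graphql-java advisories concern. In a real deployment the same checks belong in the library's own validation-rule hook (graphql-java, async-graphql and Strawberry all expose one) rather than in a front-end tokenizer, and the "administrator" decision must come from the authenticated session, not from anything in the request body.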
Veracode
added 2024/09/27 6:11 a.m. · 10 views

Cross-Site Request Forgery (CSRF)

strawberrygraphql is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to the default configuration of the Strawberry GraphQL library, which allows multipart file upload support without proper CSRF protection and exempted the integration from Django's built-in CSRF safeguard...

CVSS 8 · AI score 6.8 · EPSS 0.00223
Exploits 0 · References 4 · Affected Software 1
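The Zimbra entries (GraphQL operations reachable over GET) and this Strawberry entry (a multipart upload endpoint exempted from CSRF protection) are the same transport-level mistake: the endpoint executes a request that a page on an attacker's origin can make the victim's browser send, with the victim's cookies and without a CORS preflight. The following is an added example, not Strawberry's, Zimbra's or any other project's code, of a check that refuses exactly those requests. The header name `Apollo-Require-Preflight` is borrowed from Apollo Server's convention and its use here is an assumption (any custom header works, since browsers never attach custom headers to a simple request); the sample requests are constructed, not captured traffic.

```python
"""Transport-level CSRF guard for a GraphQL endpoint.

Added example (not code from Strawberry, Zimbra or any other project on this page).
Rule: execute only requests that a browser cannot send cross-site without a CORS
preflight, because passing a preflight is what an attacker's page cannot do.
The preflight header name is an assumption borrowed from Apollo Server's convention.
"""

# Content types an HTML form or a "simple" fetch() may send with no preflight.
SIMPLE_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
# Any of these headers forces a preflight, so a forged simple request cannot carry them.
PREFLIGHT_HEADERS = ("apollo-require-preflight", "x-requested-with")


def _content_type(headers: dict[str, str]) -> str:
    # Strip parameters such as "; boundary=..." or "; charset=utf-8".
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()


def is_csrf_safe(method: str, headers: dict[str, str]) -> tuple[bool, str]:
    """Return (allowed, reason) for one request to the GraphQL endpoint."""
    h = {k.lower(): v for k, v in headers.items()}
    method = method.upper()
    if method not in ("GET", "POST"):
        return False, f"method {method} is not used for GraphQL operations"
    for name in PREFLIGHT_HEADERS:
        if name in h:
            return True, f"custom header {name} forces a CORS preflight"
    if method == "GET":
        # Zimbra-style: a GET that executes an operation is reachable from any
        # origin via navigation, <img src=...> or <script src=...>.
        return False, "GET without a preflight header is forgeable by a cross-site link or tag"
    ctype = _content_type(h)
    if ctype and ctype not in SIMPLE_CONTENT_TYPES:
        return True, f"content type {ctype} forces a CORS preflight"
    # Strawberry-style: an upload endpoint with no CSRF check accepts exactly what
    # <form enctype="multipart/form-data"> on the attacker's site posts.
    return False, f"POST with simple content type {ctype or '(none)'} is forgeable by an HTML form"


# Constructed sample requests (method, headers), not captured traffic.
SAMPLES = {
    "forged multipart form post": ("POST", {"Content-Type": "multipart/form-data; boundary=x"}),
    "forged GET operation":       ("GET",  {"Accept": "*/*"}),
    "forged text/plain post":     ("POST", {"Content-Type": "text/plain"}),
    "legitimate JSON post":       ("POST", {"Content-Type": "application/json"}),
    "legitimate file upload":     ("POST", {"Content-Type": "multipart/form-data; boundary=x",
                                            "Apollo-Require-Preflight": "true"}),
}


def evaluate_samples() -> dict[str, bool]:
    """Verdict for every constructed sample, keyed by its label."""
    return {name: is_csrf_safe(m, hdrs)[0] for name, (m, hdrs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (m, hdrs) in SAMPLES.items():
        print(f"{name:28s} {is_csrf_safe(m, hdrs)}")
```

Two caveats a practitioner should keep in mind. The check only matters for cookie- or session-authenticated endpoints; an API that accepts nothing but a bearer token carried in a header has no CSRF surface to begin with. And it is only as strong as the CORS policy behind it: if the server answers preflights by reflecting any `Origin` together with `Access-Control-Allow-Credentials: true`, the attacker's page passes the preflight and this check adds nothing, so it belongs alongside `SameSite` cookies and a strict allow-list of origins, not in place of them.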