3128 matches found
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:GHSA-79GP-Q4WV-33FR...
GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:PYSEC-2024-171...
CVE-2024-47082
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CVE-2024-47082
The CVE-2024-47082 entry describes a vulnerability in Strawberry GraphQL where multipart file upload support was enabled by default in HTTP view integrations prior to version 0.243.0, enabling CSRF attacks if CSRF protection was not explicitly enabled. The Django HTTP view integration had a defau...
PT-2024-32396 · Django +1
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions prior to 0.243.0 Description: The issue concerns Strawberry GraphQL, a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support was enabled by default in all Strawberry HTTP view...
Strawberry GraphQL Cross-Site Request Forgery Vulnerability
Strawberry GraphQL is an open-source Python GraphQL library built on type annotations. A cross-site request forgery vulnerability exists in Strawberry GraphQL versions prior to 0.243.0; it stems from multipart file upload support being enabled by default in all HTTP view integrations, which leaves those views open to CSRF attacks...
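The mechanism behind this advisory, as an added example that is not Strawberry's code: a cross-origin HTML form is submitted by the browser with the victim's cookies and without a CORS preflight whenever its body is one of three form-submittable types, and multipart/form-data is one of them. A JSON-only GraphQL view cannot be reached from a form; one that also accepts multipart bodies can, so it needs an Origin / Sec-Fetch-Site check (or a CSRF token) the moment uploads are on. The `Request` class, the `decide` function and the `multipart_uploads_enabled` flag name are mine; the flag mirrors the opt-in that the fixed release introduced as I understand it, but check the 0.243.0 release notes for the exact view option. The request headers are constructed to look like what a browser sends for an attacker-hosted auto-submitting form versus a same-origin upload.

```python
"""Why a GraphQL view that accepts multipart/form-data needs CSRF protection.

Added example; not code from the Strawberry project.
"""
from dataclasses import dataclass, field

# Body types a plain HTML <form> can send cross-origin with no CORS preflight.
FORM_SUBMITTABLE = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
# Body types a GraphQL-over-HTTP view typically accepts (JSON, plus multipart
# when the GraphQL multipart request spec is enabled for file uploads).
ACCEPTED_TYPES = {"application/json", "multipart/form-data"}


@dataclass
class Request:
    method: str
    content_type: str
    headers: dict = field(default_factory=dict)  # header names lower-cased


def media_type(content_type: str) -> str:
    """'multipart/form-data; boundary=----x' -> 'multipart/form-data'."""
    return content_type.split(";", 1)[0].strip().lower()


def is_same_site(headers: dict, allowed_origins: set) -> bool:
    """Fail-closed origin check.

    Sec-Fetch-Site (sent by current browsers) is authoritative. Otherwise the
    Origin header, which browsers attach to every cross-origin POST, must be
    on the allow-list. No usable header at all is treated as cross-site.
    """
    sfs = headers.get("sec-fetch-site")
    if sfs in ("same-origin", "none"):
        return True
    origin = headers.get("origin")
    return origin is not None and origin.lower() in allowed_origins


def decide(req: Request, allowed_origins: set,
           multipart_uploads_enabled: bool = False) -> str:
    """Return 'allow' or 'reject:<reason>' for one GraphQL HTTP request."""
    if req.method == "GET":
        return "allow"  # queries only; the view must refuse mutations over GET
    if req.method != "POST":
        return "reject:method"
    ct = media_type(req.content_type)
    if ct not in ACCEPTED_TYPES:
        # text/plain or form-urlencoded bodies are form-submittable; a view
        # that parses them as JSON anyway reopens the CSRF path, so refuse.
        return "reject:unsupported-content-type"
    if ct == "multipart/form-data" and not multipart_uploads_enabled:
        # Uploads off by default (the fixed behaviour): the form-submittable
        # path does not exist unless the deployer asked for it.
        return "reject:multipart-disabled"
    if ct in FORM_SUBMITTABLE and not is_same_site(req.headers, allowed_origins):
        # A cookie is not proof of intent for a form-submittable body.
        return "reject:csrf"
    # application/json needs a preflight the server never answers, so a
    # cross-origin page cannot make the browser send it at all.
    return "allow"


# Constructed headers: an attacker-hosted page auto-submitting a multipart
# form to the victim's GraphQL endpoint, versus a same-origin upload.
ALLOWED = {"https://app.example"}
CROSS_SITE_UPLOAD = Request(
    "POST", "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk",
    {"origin": "https://attacker.example", "sec-fetch-site": "cross-site",
     "cookie": "sessionid=victim"},
)
SAME_ORIGIN_UPLOAD = Request(
    "POST", "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk",
    {"origin": "https://app.example", "sec-fetch-site": "same-origin",
     "cookie": "sessionid=victim"},
)

if __name__ == "__main__":
    for enabled in (False, True):
        print(f"uploads enabled={enabled}:",
              decide(CROSS_SITE_UPLOAD, ALLOWED, enabled),
              decide(SAME_ORIGIN_UPLOAD, ALLOWED, enabled))
```

With uploads disabled the cross-site form post is refused before any origin check runs, which is the protection the default change gives; with uploads enabled the same request is only safe because `is_same_site` fails closed. Deployments that turn uploads on should keep a CSRF mechanism (this check, a token, or the framework's own middleware) in front of the view.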
PT-2024-40583 · Graphql
Name of the Vulnerable Software and Affected Versions: graphql affected versions not specified Description: The issue is related to a security exception in the graphql schema. Specifically, the problem occurs in the simplePrint function of GraphQLTypeUtil. This function is called multiple times,...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +33756 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.25.4)
com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.1.1, =0.1.1, =0.1.1, =1.4.6, =1.0.0, =0.0.23, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.2.8 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.111.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.111.0 <=0.120.0) +1041 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=4.0.0-rc-1 <=4.27.4)
com.google.protobuf:protobuf-java MAVEN version =4.0.0-rc-1, =0.111.0, =0.111.0, =0.6.5, =0.0.1-alpha24, =0.1.0-M22, =0.1.0-M22, =2.0.0, =2.1.4 - be.vlaanderen.informatievlaanderen.ldes.client:event-stream-properties-fetcher =2.12.0 - be.vlaanderen.informatievlaanderen.ldes.client:ldes-client...
BIT-GITLAB-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
Fundamentals of GraphQL-specific attacks
GraphQL vs REST APIs Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API,...
CVE-2024-4472
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
UBUNTU-CVE-2024-4472
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-4472
CVE-2024-4472 affects GitLab CE/EE; vulnerable versions are all from 16.5 before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2, where dependency proxy credentials are retained in GraphQL logs. The root cause is that credentials submitted through GraphQL requests were written to the logs unredacted. Remediation is to apply the...
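The control this class of advisory calls for is redaction before a GraphQL request reaches a log sink. GitLab's own code is Ruby and is not reproduced here; the scrubber below is an added Python example of mine, not GitLab's fix. It redacts three places where a credential can sit in a logged request: a variable whose own key looks secret (at any nesting depth), a variable bound in the query text to a secret-looking argument even when the variable name is opaque (`password: $p`), and a string literal written inline in the query. The key-name pattern, the sample request and the dependency-proxy-like mutation are all constructed for the example.

```python
"""Redact credentials from a GraphQL request before logging it.

Added example; not GitLab's code. Name-based redaction over-matches on
purpose (e.g. refreshToken, apiKeyId): for logs, over-redacting is the
safe failure.
"""
import json
import re

REDACTED = "[REDACTED]"

# Keys/argument names that usually carry a secret (constructed list).
SENSITIVE_KEY = re.compile(
    r"password|passwd|secret|token|credential|api[_-]?key|authorization", re.I)

# `secret: "literal"` written directly in the query text. Block strings
# ("""...""") are not handled here; reject them at the API boundary instead.
INLINE_LITERAL = re.compile(
    r'((?:password|passwd|secret|token|credential|api[_-]?key|authorization)'
    r'\s*:\s*)"(?:[^"\\]|\\.)*"', re.I)

# `argumentName: $variableName` pairs, so a secret argument fed from an
# innocuously named variable is still caught.
VAR_BINDING = re.compile(r"(\w+)\s*:\s*\$(\w+)")


def redact_variables(value):
    """Recursively replace values under secret-looking keys."""
    if isinstance(value, dict):
        return {k: (REDACTED if SENSITIVE_KEY.search(k) else redact_variables(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact_variables(v) for v in value]
    return value


def sensitive_variable_names(query: str) -> set:
    """Variables bound to a secret-looking argument anywhere in the query."""
    return {var for arg, var in VAR_BINDING.findall(query) if SENSITIVE_KEY.search(arg)}


def redact_inline_literals(query: str) -> str:
    return INLINE_LITERAL.sub(lambda m: m.group(1) + '"' + REDACTED + '"', query)


def scrub(request_json: dict) -> dict:
    """Return a copy of the request body that is safe to write to a log."""
    query = request_json.get("query", "")
    variables = dict(request_json.get("variables") or {})
    for name in sensitive_variable_names(query):
        if name in variables:
            variables[name] = REDACTED
    return {
        "operationName": request_json.get("operationName"),
        "query": redact_inline_literals(query),
        "variables": redact_variables(variables),
    }


def log_line(request_json: dict) -> str:
    """Single-line JSON record with secrets removed (the only thing to log)."""
    return json.dumps(scrub(request_json), sort_keys=True)


# Constructed sample: a dependency-proxy-style settings mutation that carries
# a password through an opaque variable, a token nested in an input object,
# and a secret written inline in the query.
SAMPLE_REQUEST = {
    "operationName": "UpdateProxy",
    "query": 'mutation UpdateProxy($p: String!, $in: ProxyInput!) { '
             'updateDependencyProxySettings(identity: "bot", secret: "s3cr3t", '
             'password: $p, input: $in) { errors } }',
    "variables": {
        "p": "hunter2",
        "in": {"accessToken": "glpat-xyz", "registry": "registry.example"},
        "list": [{"password": "a"}],
        "page": 2,
    },
}

if __name__ == "__main__":
    print(log_line(SAMPLE_REQUEST))
```

Hook `log_line` (or `scrub`) in wherever the request body is serialised for the GraphQL log; logging the raw body anywhere, even at debug level, is exactly the leak the advisory describes.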