CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

WordPress plugin WPGraphQL WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...

PT-2024-11510 · WordPress · Wpgraphql Woocommerce

Name of the Vulnerable Software and Affected Versions: WPGraphQL WooCommerce WordPress plugin versions prior to 0.12.4 Description: The issue allows unauthenticated attackers to enumerate a shop's coupon codes and values via GraphQL. This can be done through GraphQL endpoints, potentially exposin...

GHSA-GGPM-9QFX-MHWG EverShop vulnerable to improper authorization in GraphQL endpoints

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.9, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

EverShop vulnerable to improper authorization in GraphQL endpoints

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.9, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

Authorization

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8 that stems from a lack of authentication. An attacker exploited the vulnerability to obtain sensitive information through incorrect authorization in a GraphQ...

CVE-2023-46942

CVE-2023-46942 affects the Node package @evershop/evershop, with versions prior to 1.0.0-rc.8. The root cause is a lack of authentication leading to improper authorization on GraphQL endpoints, allowing remote attackers to obtain sensitive information. The CVSS vector from NVD/CNA indicates a hig...

PT-2024-13390 · Npm · @Evershop/Evershop

Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8 Description: The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in Graph...

Security Bulletin: IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty (CVE-2023-28867)

Summary IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty.GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this...

HackerOne: View Titles of Private Reports with pending email invitation

A vulnerability was discovered where anonymous users could view the titles of private reports with pending email invitations for collaboration. This was possible by sending a GraphQL request or running JavaScript code while logged out. It only worked for anonymous users when the collaboration...

GitLab 13.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39915)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 befor...

GitLab 13.8 < 13.9.7 / 13.10 < 13.10.4 / 13.11 < 13.11.12 (CVE-2021-22209)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVE-2023-50730

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

Stack overflow

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730

CVE-2023-50730 affects Grackle, a Scala GraphQL server. The vulnerabilities arise from two stack-related issues: (1) cyclic GraphQL fragments could trigger a JVM StackOverflowError during type checking/compilation, and (2) the cats-parse recursive operator used in the parser isn’t stack-safe, ena...