CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...
CVE-2023-6690
A race condition in GitHub Enterprise Server allows an existing admin to retain permissions on transferred repositories by mutating repository permissions via GraphQL during transfer. Affected: GitHub Enterprise Server v3.8.0 and later. Impact: persistence of admin permissions on transferred repo...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub (U.S.). It provides a platform for setting up your own GitHub instance as a virtual appliance, giving a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...
PT-2023-32741 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.8.11; GitHub Enterprise Server versions 3.9.0 through 3.9.6; GitHub Enterprise Server versions 3.10.0 through 3.10.3; GitHub Enterprise Server version 3.11.0. Description: A race condition in...
EXNESS: GraphQL attribute Batching DOS can take down pwapi.ex2b.com
Summary: Hi team! I hope you are having a great day! pwapi.ex2b.com instances work with a GraphQL API. This GraphQL endpoint is at / and can be called by unauthenticated users. This GraphQL endpoint allows you to perform a query with the same attribute multiple times in a single request. The more...
Stack Overflow
Grackle is vulnerable to a Stack Overflow vulnerability. The vulnerability is due to an improper bound check while parsing GraphQL queries. This can lead to an application crash, resulting in Denial of Service (DoS)...
edu.gemini:clue-generator_2.13 (>=0.12.0 <=0.35.4), edu.gemini:clue-macro_2.13 (>=0.2.2 <=0.12.2) +9 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_2.13 (>=0.0.1 <=0.14.0)
edu.gemini:gsp-graphql-core_2.13 MAVEN version =0.0.1, =0.12.0, =0.2.2, =0.0.18, =0.0.1, =0.10.0, =0.0.1, =0.0.2, =0.0.26, =0.0.26, =0.5.6, =0.6.6 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_3 (>=0.0.47 <=0.14.0), edu.gemini:gsp-graphql-doobie-pg_3 (>=0.10.0 <=0.14.0) +7 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_3 (>=0.0.47 <=0.14.0)
edu.gemini:gsp-graphql-core_3 MAVEN version =0.0.47, =0.0.47, =0.10.0, =0.0.47, =0.0.48, =0.0.47, =0.0.47, =0.5.6, =0.5.0, =0.20.3 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_sjs1_3 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_sjs1_3 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_sjs1_3 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_sjs1_3 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_sjs1_2.13 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_sjs1_2.13 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_sjs1_2.13 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_sjs1_2.13 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_native0.4_3 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_native0.4_3 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_native0.4_3 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_native0.4_3 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_native0.4_2.13 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_native0.4_2.13 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_native0.4_2.13 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_native0.4_2.13 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
Grackle has StackOverflowError in GraphQL query processing
Impact: Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. CAUTION: No...
Authorization Bypass
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to the doHandle function in the SmallRyeGraphQLOverWebSocketHandler.java file performing no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...
com.github.t1:wunderbar.demo.product (>=2.4.8 <=2.4.9), io.quarkiverse.githubaction:quarkus-github-action (>=0.9.1 <=0.9.2) +19 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.0.0.Alpha3 <=2.13.8.Final)
io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.0.0.Alpha3, =2.4.8, =0.9.1, =0.9.1, =0.9.1, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =2.0.0, =2.0.0.Alpha3, =2.13.8.Final and more Source cves: CVE-2023-6394...
com.github.t1:wunderbar.demo.product (>=2.2.0 <=3.5.1), io.github.chains-project:maven-lockfile-github-action (>=1.0.1 <=5.5.1) +24 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.14.0.CR1 <=3.5.2)
io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.14.0.CR1, =2.2.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =1.3.0, =1.8.0, =1.8.0, =1.3.0, =1.3.0, =1.7.4, =1.8.0, =1.3.0, =1.3.0, =2.14.1 and more Source cves: CVE-2023-6394 https://v...
Authorization bypass in Quarkus
A flaw was found in Quarkus. When a request is received over WebSocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...