3127 matches found
Denial Of Service (DOS)
github.com/ethereum/go-ethereum is vulnerable to Denial of Service. This vulnerability exists when --http --graphql is used which allows an attacker to cause an application crash via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand...
GitHub: RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention
A race condition was discovered in GitHub Enterprise Server that allowed an administrator to retain access permissions on repositories after transfer. This was possible by manipulating repository permissions through a GraphQL mutation during the transfer process. The vulnerability affected GitHub...
GHSA-V9JH-J8PX-98VQ go-ethereum vulnerable to denial of service via crafted GraphQL query
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
go-ethereum vulnerable to denial of service via crafted GraphQL query
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Code injection
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Distributed Denial Of Service (DDoS)
silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allowing an attacker to send recursive queries into the system...
CVE-2023-42319
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Geth Security Breach
Geth is a library in the Geth open source. A security vulnerability exists in Geth 1.13.4 and earlier versions that stems from allowing an attacker to cause a denial of service (DOS) via a specially crafted graphql query...
CVE-2023-42319
CVE-2023-42319 affects Geth (go-ethereum) up to v1.13.4 when running with --http and --graphql. The vulnerability allows remote attackers to trigger a denial of service by sending a crafted GraphQL query, leading to memory exhaustion and a daemon hang. The issue is a DoS condition caused by how t...
GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
PT-2023-28313 · Ethereum · Geth
Name of the Vulnerable Software and Affected Versions: Geth (aka go-ethereum) versions 1.13.4 and earlier. Description: The issue allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query when --http --graphql is used. The vendor's position i...
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
Design/Logic Flaw
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180
The CVE-2023-40180 issue affects silverstripe-graphql, where publicly exposed GraphQL schemas can be abused by recursive queries to trigger a Denial of Service. The root cause is lack of validation for recursive/complex queries, enabling high-resource consumption on affected sites (especially wit...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your...