CVE-2023-26144

A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance...

Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Linux

Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

com.introproventures:graphql-jpa-query-test-boot-starter (>=1.1.0 <=1.1.3), com.introproventures:graphql-jpa-query-test-multiple-datasources (>=1.1.0 <=1.1.3) +16 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.2.0 <=1.2.2)

org.springframework.graphql:spring-graphql MAVEN version =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.11.0, =1.11.0, =1.1.0, =7.19.2, =4.6.0, =4.6.0, =4.6.0, =4.6.3, =4.6.0, =4.6.0, =4.6.5 and more Source cves: CVE-2023-34047 Source advisory:...

com.introproventures:graphql-jpa-query-test-boot-starter (=1.0.0), com.introproventures:graphql-jpa-query-test-multiple-datasources (=1.0.0) +11 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.1.0 <=1.1.5)

org.springframework.graphql:spring-graphql MAVEN version =1.1.0, =1.0.0, =0.0.1, =7.16.0, =3.0.0, =1.1.0, =6.0.0, =1.0.0, =2.0.0-RELEASE Source cves: CVE-2023-34047 Source advisory: OSV:GHSA-FRQC-F2H8-FJVF...

Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

GHSA-FRQC-F2H8-FJVF Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

Code injection

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

CVE-2023-34047

CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

graphql Uncontrolled Resource Consumption vulnerability

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

0xsodium (>=0.0.0 <=1.48.0), 3extensions (=1.0.1) +967 more potentially affected by CVE-2023-26144 via graphql (>=16.3.0 <=16.8.0)

graphql NPM version =16.3.0, =0.0.0, =0.0.1, =0.0.0, =0.0.0, =0.0.1, =1.16.13, =1.8.5, =1.1.12, =1.6.23, =1.16.6, =1.1.12, =1.8.5, =1.16.33, =1.0.0, =1.17.12-beta-20260420-075606-d7d7a9c7 and more Source cves: CVE-2023-26144 Source advisory: OSV:GHSA-9PV7-VFVM-6VR7...

GHSA-9PV7-VFVM-6VR7 graphql Uncontrolled Resource Consumption vulnerability

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

DEBIAN-CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

Input validation

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

UBUNTU-CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...