3125 matches found

Positive Technologies
added 2023/03/31 12:0 a.m. · 6 views

PT-2023-32969 · S42.App · S42.App

Name of the Vulnerable Software and Affected Versions: s42.app (affected versions not specified). Description: A security issue has been identified in the GraphQL parser used by the API of s42.app, allowing an attacker to overload the parser and cause the API pod to crash. By sending a specially...

7.5 CVSS · 7.2 AI score
Exploits: 0 · References: 5

CVE
added 2023/03/31 12:0 a.m. · 83 views

CVE-2023-28877

The CVE concerns the VTEX [email protected] GraphQL API module, where unauthorized access to private configuration data is not properly restricted. The issue affects [email protected]; [email protected] is unaffected. The root cause is insufficient access controls exposing private configuration data...

7.5 CVSS · 7.4 AI score · 0.0053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

GitLab Advisory Database
added 2023/03/31 12:0 a.m. · 19 views

Stud42 vulnerable to denial of service

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...

6.5 AI score
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2023/03/27 7:13 a.m. · 37 views

CVE-2023-28867

A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...

7.5 CVSS · 6.9 AI score · 0.01051 EPSS
Exploits: 0 · References: 3

vulnersOsv
added 2023/03/27 3:30 a.m. · 5 views

com.atlassian:nadel (>=2022-01-19T23-18-30-adbad461 <=2024-01-23T04-58-06-b811e23f), com.atlassian:nadel-api (>=2022-01-19T23-18-30-adbad461 <=2022-03-22T05-05-01-a5d0b804) +4 more potentially affected by CVE-2023-28867 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=0.0.0-2023-12-05T22-54-46-39d2155)

com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-04-05T04-35-54-29b76c29 -...

7.5 CVSS · 6.7 AI score · 0.01051 EPSS
Exploits: 0

OSV
added 2023/03/27 3:30 a.m. · 4 views

GHSA-P4QX-6W5P-4RJ2 GraphQL Java vulnerable to stack consumption

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 5.9 AI score · 0.01051 EPSS
Exploits: 0 · References: 7

Github Security Blog
added 2023/03/27 3:30 a.m. · 35 views

GraphQL Java vulnerable to stack consumption

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.2 AI score · 0.01051 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2023/03/27 1:15 a.m. · 17 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.4 AI score · 0.01051 EPSS
Exploits: 0 · References: 5

OSV
added 2023/03/27 1:15 a.m. · 27 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.6 AI score
Exploits: 0 · References: 5

Prion
added 2023/03/27 1:15 a.m. · 29 views

Design/Logic Flaw

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

5 CVSS · 7.3 AI score · 0.01051 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2023/03/27 12:0 a.m. · 11 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.4 AI score · 0.01051 EPSS
Exploits: 0 · References: 5

Cvelist
added 2023/03/27 12:0 a.m. · 24 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 AI score · 0.01051 EPSS
Exploits: 0 · References: 5

CVE
added 2023/03/27 12:0 a.m. · 128 views

CVE-2023-28867

CVE-2023-28867 affects GraphQL Java (graphql-java) prior to 20.1; a specially crafted GraphQL query can cause stack consumption, leading to denial of service. Fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135. IBM and ENISA-related bulletins corroborate a DoS condit...

7.5 CVSS · 7.2 AI score · 0.01051 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/03/27 12:0 a.m. · 4 views

PT-2023-22016 · Unknown · Graphql-Java

Name of the Vulnerable Software and Affected Versions: graphql-java versions prior to 20.1; graphql-java versions prior to 19.4; graphql-java versions prior to 18.4; graphql-java versions prior to 17.5. Description: An attacker can send a crafted GraphQL query that causes stack consumption. The issue...

7.5 CVSS · 6.1 AI score · 0.01051 EPSS
Exploits: 0 · References: 15

Kitploit
added 2023/03/26 11:30 a.m. · 112 views

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

8.2 AI score
Exploits: 0 · References: 1

CNNVD
added 2023/03/26 12:0 a.m. · 3 views

GraphQL Java security vulnerability

GraphQL Java is an open-source Java implementation of GraphQL, a query language and server-side runtime for application programming interfaces (APIs). A security vulnerability exists in versions of GraphQL Java prior to 20.1 that stems from an attacker's ability to send crafted GraphQL...

7.5 CVSS · 6.6 AI score · 0.01051 EPSS
Exploits: 0 · References: 11

GithubExploit
added 2023/03/21 5:5 p.m. · 469 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ibexa Ezplatform-Graphql

CVE-2022-41876 - eZ Platform user information disclosure A vu...

7.5 CVSS · 5.3 AI score · 0.01295 EPSS
Exploits: 1

OSV
added 2023/03/16 5:22 p.m. · 31 views

GHSA-67G8-C724-8MP3 DDOS attack on graphql endpoints

An attacker could use a specially crafted graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed and particularly large/complex graphql schemas. If your Silverstripe CMS project does not expose a public...

7.5 CVSS · 7.5 AI score · 0.01055 EPSS
Exploits: 0 · References: 8

Github Security Blog
added 2023/03/16 5:22 p.m. · 60 views

DDOS attack on graphql endpoints

An attacker could use a specially crafted graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed and particularly large/complex graphql schemas. If your Silverstripe CMS project does not expose a public...

7.5 CVSS · 7.4 AI score · 0.01055 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

NVD
added 2023/03/16 4:15 p.m. · 16 views

CVE-2023-28104

silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...

7.5 CVSS · 7.5 AI score · 0.01055 EPSS
Exploits: 0 · References: 4