3125 matches found
Design/Logic Flaw
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2023-28104
CVE-2023-28104 affects silverstripe/graphql. In versions 4.2.2 and 4.1.1, a specially crafted GraphQL query could cause a denial-of-service against websites with publicly exposed GraphQL endpoints, especially those with large/complex schemas. Impact is denial of service affecting availability; re...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
Silverstripe CMS GraphQL Server 安全漏洞
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.2.2 and 4.1.1. An attacker exploiting this vulnerability could perform a denial-of-service attack against a...
CVE-2023-28104 DDOS attack on graphql endpoints
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-28104...
CVE-2023-27588
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
Path traversal
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588
CVE-2023-27588 describes an unauthenticated path traversal vulnerability in Hasura GraphQL Engine. Affected are self-hosted Hasura deployments that are publicly exposed and not protected by a WAF or HTTP protections; Hasura Cloud deployments are not vulnerable. The issue is triggered by improper ...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
Hasura GraphQL Engine 路径遍历漏洞
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A security vulnerability exists in Hasura GraphQL Engine that stems from a path traversal vulnerability...
PT-2023-21229 · Hasura · Hasura Graphql Engine
Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 1.3.4 Hasura GraphQL Engine versions prior to 2.55.1 Hasura GraphQL Engine versions prior to 2.20.1 Hasura GraphQL Engine versions prior to 2.21.0-beta1 Description: A path traversal vulnerability has...
Graphicator - A GraphQL Enumeration And Extraction Tool
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send request...
Instropection query is enabled on demo.pimcore.fun
Description Introspection is enabled on the demo.pimcore.fun. demo site has graphql feature for users but via that graphql endpoint attacker can run the instropection queries. which makes the vulnerable. Proof of Concept Just visit the link...
CVE-2023-26052
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...
CVE-2023-26051
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
Information disclosure
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...