3125 matches found
Malicious code in x3-stock-graphql-demo (npm)
Source: ghsa-malware (80cd5e1c9d72642b5cf61b5bf0d49e2b32267885c173a08e5bb0ef28124885e1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7260 Malicious code in x3-stock-graphql-demo (npm)
Source: ghsa-malware (80cd5e1c9d72642b5cf61b5bf0d49e2b32267885c173a08e5bb0ef28124885e1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sfcc-core/core-graphql (npm)
Source: ghsa-malware (9a0a9e189f0e17b4410de77d0ad249257289e7c84350015968cae5a1e1320f17). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @fbsystem/figma-graphql (npm)
Source: ghsa-malware (ffcdcbc9429c0fa805533c9d10c14de74d0e13ff69d006e033802a11ac00733b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-266 Malicious code in @fbsystem/figma-graphql (npm)
Source: ghsa-malware (ffcdcbc9429c0fa805533c9d10c14de74d0e13ff69d006e033802a11ac00733b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fb-graphql-compiler (npm)
Source: ghsa-malware (986d803ee022c130857a432483f2147e7caa097ff439a76940df7022e64e588f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2974 Malicious code in fb-graphql-compiler (npm)
Source: ghsa-malware (986d803ee022c130857a432483f2147e7caa097ff439a76940df7022e64e588f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Tips: Learn Spring for GraphQL (parts 5 and 6 of an ongoing series)
Hi, Spring fans! In thi^^^ these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead Rossen Stoyanchev @rstoya05 - whose work you may know from basically everything in the wide and wonderful world of Springdom having to do...
CVE-2022-25863
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...
Deserialization of untrusted data
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible whe...
Spring Tips: Learn Spring for GraphQL (parts 3 and 4 of an ongoing series)
Hi, Spring fans! In thi^^^ these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead Rossen Stoyanchev @rstoya05 - whose work you may know from basically everything in the wide and wonderful world of Springdom having to do...
This Week in Spring - June 7th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...
Spring Tips: Learn Spring for GraphQL (parts 1 and 2 of an ongoing series)
Hi, Spring fans! In thi^^^ these installments, we begin a new series introducing the Spring for GraphQL project. In this first installment, GraphQL Java lead Andi Marek @andimarek and I @starbuxman look at the basics of using the GraphQL Java engine that underpins Spring for GraphQL. In this seco...
PT-2022-3650 · Red Hat · Red Hat Advanced Cluster Security For Kubernetes
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Security for Kubernetes (affected versions not specified). Description: A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes, related to insufficient protection of service data in the GraphQL API. Thi...
GHSA-3F97-7PGV-GMGR Magento affected by a business logic error in the placeOrder graphql mutation
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to alter the price of an item...
GHSA-WR57-3H2F-3Q95 Magento affected by a server-side denial-of-service using a GraphQL field
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...
Magento affected by a server-side denial-of-service using a GraphQL field
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
GHSA-H4XC-577P-HGJ9 Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
GHSA-589Q-75R3-MFQ4 Silverstripe has Incorrect Default Permissions
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...