Lucene search

3125 matches found

Tenable Nessus
added 2022/01/13 12:00 a.m., 58 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - GitLab reports: arbitrary file read via the group import feature; stored XSS in notes; lack of sta...

CVSS 8.7, AI score 6.2, EPSS 0.01449
Exploits: 1, References: 13
Huntr
added 2022/01/03 1:37 p.m., 37 views

Improper Authorization in saleor/saleor

Title: GraphQL traversal due to missing permission checks. Description: the orders and customers fields allow access to each other via node edges. However, the connections do not check the user's permissions, which allows, for instance, a staff member with only the Customers permission to get full information about the orde...

CVSS 4, AI score 0.4, EPSS 0.00994
Exploits: 1
CNVD
added 2021/12/15 12:00 a.m., 13 views

Mercurius code issue vulnerability

Mercurius is a GraphQL adapter for Fastify. Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service...

CVSS 7.5, AI score 3.9, EPSS 0.01522
Exploits: 0, References: 1
NVD
added 2021/12/13 8:15 p.m., 13 views

CVE-2021-43801

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

CVSS 7.5, EPSS 0.01522
Exploits: 0, References: 3
OSV
added 2021/12/13 8:15 p.m., 14 views

CVE-2021-43801

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

CVSS 7.5, AI score 7
Exploits: 0, References: 3
Prion
added 2021/12/13 8:15 p.m., 24 views

Code injection

Mercurius is a GraphQL adapter for Fastify. Any users from email protected to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

CVSS 5, AI score 7.4, EPSS 0.01522
Exploits: 0, References: 3, Affected software: 1
CVE
added 2021/12/13 7:30 p.m., 57 views

CVE-2021-43801

Mercurius (GraphQL adapter for Fastify) versions 8.10.0–8.11.1 are vulnerable to a denial-of-service caused by sending a malformed JSON to /graphql. The issue is fixed in v8.11.2 (pull 678); a workaround is to use a custom error handler. No exploitation details are provided in the available docum...

CVSS 7.5, AI score 7.4, EPSS 0.01522
Exploits: 0, References: 3, Affected software: 1
Cvelist
added 2021/12/13 7:30 p.m., 15 views

CVE-2021-43801 Uncaught Exception in mercurius

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

CVSS 7.5, AI score 7.6, EPSS 0.01522
Exploits: 0, References: 3
NVD
added 2021/12/13 4:15 p.m., 21 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3, EPSS 0.01134
Exploits: 0, References: 3
OSV
added 2021/12/13 4:15 p.m., 18 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3, AI score 6.4, EPSS 0.01134
Exploits: 0, References: 3
UbuntuCve
added 2021/12/13 4:15 p.m., 22 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3, AI score 6.2, EPSS 0.01134
Exploits: 0, References: 1
Prion
added 2021/12/13 4:15 p.m., 17 views

Improper access control

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5, AI score 5.3, EPSS 0.01134
Exploits: 0, References: 3, Affected software: 1
OSV
added 2021/12/13 4:15 p.m., 0 views

UBUNTU-CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3, AI score 6.2, EPSS 0.01134
Exploits: 0, References: 2
CVE
added 2021/12/13 3:47 p.m., 55 views

CVE-2021-39915

CVE-2021-39915: GitLab CE/EE GraphQL API has improper access control that lets an attacker view the names of project access tokens on arbitrary projects. Affected: GitLab versions starting from 13.0 up to before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2. Remediation per sources is to upg...

CVSS 5.3, AI score 5.3, EPSS 0.01134
Exploits: 0, References: 3, Affected software: 1
Cvelist
added 2021/12/13 3:47 p.m., 15 views

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVSS 5.3, AI score 5.7, EPSS 0.01134
Exploits: 0, References: 3
Debian CVE
added 2021/12/13 3:47 p.m., 22 views

CVE-2021-39915

Removed by vendor...

CVSS 5.3, AI score 6, EPSS 0.01134
Exploits: 0
Positive Technologies
added 2021/12/13 12:00 a.m., 3 views

PT-2021-22761 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 through 14.3.6; GitLab CE/EE versions 14.4 through 14.4.4; GitLab CE/EE versions 14.5 through 14.5.2. Description: The issue is related to improper access control in the GraphQL API, allowing an attacker to see the nam...

CVSS 5.3, AI score 5.1, EPSS 0.01134
Exploits: 0, References: 11
CNNVD
added 2021/12/13 12:00 a.m., 3 views

Mercurius code issue vulnerability

Mercurius is a GraphQL adapter for Fastify. Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service...

CVSS 7.5, AI score 5.7, EPSS 0.01522
Exploits: 0, References: 4
Tenable Nessus
added 2021/12/13 12:00 a.m., 31 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...

CVSS 8.8, AI score 6.4, EPSS 0.30496
Exploits: 0, References: 21
Gitee
added 2021/11/25 3:27 p.m., 3 views

Exploit for Cross-site Scripting in Prisma Graphql-Playground-Html

This is a PoC exploit for CVE-2020-4038, a reflected XSS vulnerability in the GraphQL Playground repository. The vulnerability is present in the graphql-playground-html package, which is used by several other packages, including graphql-playground-express, graphql-playground-koa,...

CVSS 7.4, AI score 6.5, EPSS 0.07243
Exploits: 1