Shopify: Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all

I am reporting this because it looks like an authorization bug in GraphQL. A Staff member with no permissions on a Shopify Store may be able to create Webhooks with the webhookSubscriptionCreate mutation on BULKOPERATIONSFINISH webhook topic. POST...

Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise those of you in the US get this reference. Similar change in application...

BatchQL - GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations

BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however n...

DRUPAL-CONTRIB-2021-029

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008. The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be ab...

GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008. The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be ab...

Graphw00F - GraphQL fingerprinting tool for GQL endpoints

Credits to Nick Aleks for the logo! How does it work? graphw00f inspired by wafw00f is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security...

CVE-2021-36044

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...

CVE-2021-36044

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...

CVE-2021-36012

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...

CVE-2021-36012

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...

CVE-2021-36044 Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...

CVE-2021-36044

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability that allows an unauthenticated attacker to cause a server-side denial-of-service via a GraphQL field. The issue is rooted in input validation an...

CVE-2021-36012

CVE-2021-36012 describes a business-logic flaw in Magento Commerce’s placeOrder GraphQL mutation where an authenticated attacker can alter the price of an item, affecting Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The vulnerability stems from a...

CVE-2021-36012 Magento Commerce Gift Card Business Logic Error

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...

GitLab: Improper access control for users with expired password, giving the user full access through API and Git

Summary Users with an "expired password" can still access the full API with tokens. This includes the REST API, GraphQL API and Git HTTP access. The same issue was mitigated in 13.12.2 as "Insufficient Expired Password Validation". That patch blocked users with expired passwords from accessing th...

GraphQL Interface Detected

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. Some web applications provide a friendly user interface to help developers building GraphQL queries and get the results. The scanner detected the...

GraphQL Field Suggestions Detected

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. By default, GraphQL has a feature which suggests field names to be used in the queries or mutations from the wrong ones provided in the received...

HackerOne: Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback

Summary: Hi team, I noticed one possible information disclosure scenario related to My Feedback managed at https://hackerone.com/settings/feedback Description: In current scenario even after uncheck the option "Show this blurb on my profile" I can access the feedback using one one requestPOST...

GraphQL Introspection Enabled

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL introspection allows to query all information related to the supported schema and queries on a GraphQL server instance. By leveraging this...

Coursera Flunks API Test in Researchers’ Security Exam

Researchers have discovered multiple application programming interface API issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...