Gitlab -- Multiple vulnerabilities

Gitlab reports: Stored XSS in merge request Stored XSS in epic's pages Sensitive GraphQL variables exposed in structured log Guest user can see tag names in private projects Information disclosure via error message DNS rebinding protection bypass Validate existence of private project...

Shopify: [h1-2102] [Yaworski's Broskis] Low privilege user can read POS PINs via graphql and elevate his privilege

Summary: A low privilege user both in the shop and in the POS can read POS PINs via graphql and elevate his privilege with a physical access to the POS. Steps To Reproduce: 1. Log in to your shop and install the POS app https://apps.shopify.com/shopify-pos 2. Log in Shopify Plus as an org owner a...

GHSA-VHHW-XJVF-WPRR Command Injection in @graphql-tools/git-loader

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

@corejam/base (>=0.0.1 <=0.0.2), @corejam/cli (>=0.0.1 <=0.0.5) +27 more potentially affected by CVE-2021-23326 via @graphql-tools/git-loader (>=6.0.0-alpha.1 <=6.2.6-alpha-9e1fc254.0)

@graphql-tools/git-loader NPM version =6.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =6.0.15, =4.0.1-alpha-0a0f697.0, =4.0.1-alpha-0a0f697.0, =1.13.6-alpha-c74c7b7d.14, =0.0.0-canary.02a53c5, =0.0.1, =1.0.5, =0.0.24, =0.1.0, =1.29.0, =2.0.0-alpha.36 and more Source cves: CVE-2021-23326 Source...

Command Injection in @graphql-tools/git-loader

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

Shopify: [h1-2102] Stored XSS in product description via `productUpdate` GraphQL query leads to XSS at handshake-web-internal.shopifycloud.com/products/[ID]

This is most likely going to be a duplicate, so I'll keep it short. A stored cross site scripting vulnerability exists at handshake-web-internal.shopifycloud.com through the product description field. Recruirements A shop with the Handshake plugin enabled and set-up Reproduction steps 1. Add a...

Shopify: [h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones

Summary: I have seen that there is query called shopApps executable on the /ID/users/api graphql that returns a huge amount of apps it timeouts with a limiting. In the response I have noticed the returned apps also include the private apps, so I do not think that this is intented like this. Using...

Shopify: [h1-2102] [PLUS] User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only

Summary: PLUS User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only Description: User with Store management permission as shown in below screenshot F1168574 Should not have the ability to enforce SAML organization...

Shopify: [h1-2102] [Plus] User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management

Summary: Plus User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management Only Description: User with Store management permission - F1168487 only, is able to convert users account from SAML and to SAML using the graphql Impact...

Shopify: [h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only

Summary: User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only Description: User with Store management permission - F1168470 only, is able to change user management settings using the graphql Steps To Reproduce: - - - - - As a...

The Guild Graphql Tools Command Injection Vulnerability

The Guild Graphql Tools is a tool from The Guild that generates graphql query statements based on a specific syntax. A command injection vulnerability exists in graphql-tools/git-loader prior to version 6.2.6, which stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts t...

CVE-2021-23326

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

Command injection

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

CVE-2021-23326 Command Injection

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

CVE-2021-23326

The CVE-2021-23326 entry applies to the package @graphql-tools/git-loader prior to 6.2.6. The vulnerability stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts, enabling arbitrary command injection. Impact is described as potential command execution with the associated...

The Guild Graphql Tools 命令注入漏洞

The Guild Graphql Tools is a tool from The Guild that generates graphql query statements based on a specific syntax. A command injection vulnerability exists in graphql-tools/git-loader prior to version 6.2.6, which stems from the use of exec and execSync in packages/loaders/git/src/load-git.ts t...

@corejam/base (>=0.0.1 <=0.0.2), @corejam/cli (>=0.0.1 <=0.0.5) +27 more potentially affected by CVE-2021-23326 via @graphql-tools/git-loader (>=6.0.0-alpha.1 <=6.2.6-alpha-9e1fc254.0)

@graphql-tools/git-loader NPM version =6.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =6.0.15, =4.0.1-alpha-0a0f697.0, =4.0.1-alpha-0a0f697.0, =1.13.6-alpha-c74c7b7d.14, =0.0.0-canary.02a53c5, =0.0.1, =1.0.5, =0.0.24, =0.1.0, =1.29.0, =2.0.0-alpha.36 and more Source cves: CVE-2021-23326 Source...

PT-2021-4079 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.8 and later Description: The issue is related to improper validation of authorization tokens in GitLab, which can result in the execution of GraphQL mutations. This can potentially allow a remote attacker to impact da...

Apache SkyWalking Storage SQL Injection (CVE-2020-9483)

An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...

Apache SkyWalking Storage SQL Injection (CVE-2020-13921)

An SQL injection vulnerability exists in Apache SkyWalking MySQL storage implementation. The vulnerability is due to insufficient validation of the user supplied input for wildcard alarm search query through GraphQL protocol...