Information Leakage
apollo-server-lambda is vulnerable to information leakage. Lack of validation rule enforcement during subscription server creation, including the NoIntrospection rule for WebSockets, exposes GraphQL schema types, their relations, human-readable names and many More information on the references...
Information Exposure
Overview Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relatio...
Information Exposure
Overview Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview Versions of apollo-server-express prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview Versions of apollo-server-cloudflare prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server-core prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview Versions of apollo-server-cache-memcached prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations and...
@aifedespaix/fdp-api-libs (=1.0.7), @jovercao/egg-graphql (>=0.1.0 <=0.1.13) +1 more potentially affected by unknown CVE via apollo-server-cache-memcached (=0.6.7)
apollo-server-cache-memcached NPM version =0.6.7 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cache-memcached and may be impacted: - @aifedespaix/fdp-api-libs =1.0.7 - @jovercao/egg-graphql =0.1.0, =0.0.58-alpha.6, =0.0.58-alpha.17...
X (Formerly Twitter): Private list members disclosure via GraphQL
Summary: Due to improper queries of GraphQL, the attacker can steal members of the private list. Description: Twitter implements a unique GraphQL endpoint, which can use only the queries that Twitter specified. However, there is a flaw in the backend...
Shopify: OrderListInitial leaks order details
Hello, During my investigation I have noticed that the OrderListInitial GraphQL operation is leaking more information than it is supposed to for a staff member with "Customer" only permission. Normally the GraphQL call is as below. POST /admin/internal/web/graphql/core HTTP/1.1...
HackerOne: GraphQL field on Team node can be used to determine if External Program runs invite-only program
On 19th May, a new parameter policymarkdownhtml was introduced inside the team GraphQL query. Using a GraphQL query, we are able to determine external programs running privately on HackerOne, as the policymarkdownhtml parameter was able to fetch the private internal policy. Note: Using this parameter, it wa...
Securing GraphQL API
Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with a built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...
HackerOne: Unauthorized access to metadata of undisclosed reports that were retested
Summary: reportretests object in User node discloses some information about undisclosed reports Description: An attacker can get some information such as "assetname", "assettype", "severityrating", "weaknessname" of an undisclosed report Steps To Reproduce 1. Invoke the below GraphQL call POST...
Nuri: GraphQL introspection query works through unauthenticated WebSocket
Summary: It is possible to execute a GraphQL introspection query through an unauthenticated WebSocket connection. PoC included. Steps To Reproduce: To simplify reproducing I provided a simple HTML PoC file. 1. Start a Python static HTTP server in the directory with the PoC file: python3 -m http.server this step...
GitLab: Insufficient Type Check on GraphQL leading to Maintainer delete repository
Summary As you know, a Maintainer cannot delete/archive a repository. But via GraphQL they can, as there exists an insufficient check on the GraphQL API in app/graphql/mutations/snippets/destroy.rb (Ruby): `def resolve(id:) snippet = authorized_find!(id: id) response = ::Snippets::DestroyService.new(current_user...`
CVE-2020-10978
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API...