GraphQL Java 安全漏洞

GraphQL Java is a GraphQL Java implementation of the GraphQL Java open source. Query language and server-side runtime for application programming interfaces APIs. A security vulnerability exists in GraphQL Java versions prior to 21.5 that stems from not properly considering...

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access (CVE-2023-46158, CVE-2023-0482, CVE-2022-46364, CVE-2023-28867)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty and other components have been addressed in an update to IBM Security Verify Access. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could...

Security Bulletin: IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty (CVE-2023-28867)

Summary IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty.GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2023-28867)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to denial of service due to Websphere Application Server Liberty ( CVE-2023-28867 )

Summary IBM Storage Protect Operations Center uses Liberty and may be vulnerable. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker cou...

Security Bulletin: GraphQL Java component is vulnerable to CVE-2023-28867 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses GraphQL Java package which is vulnerable to CVE-2023-28867. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a...

Security Bulletin: IBM PowerVM Novalink is vulnerable because GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. (CVE-2023-28867)

Summary IBM PowerVM Novalink is vulnerable because GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this vulnerability to cause a stack consumption. Vulnerability Details...

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard

Summary Summary: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a...

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms

Summary CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service,...

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced

Summary CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based...

Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Summary IBM DS8900 Management Console is affected by Open Source expat CVE-2022-43680, libxml2 CVE-2022-40303, CVE-2022-40304, dbus CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, httpd CVE-2023-25690, systemd CVE-2022-4415, OpenSSL CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286,...

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-28867)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafte...

graphql-java: crafted GraphQL query causes stack consumption

A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java CVE-2023-28867 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to GraphQL Java CVE-2023-28867 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

Denial Of Services (DoS)

graphql-java is vulnerable to Denial Of Services DoS. An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...

CVE-2023-28867

A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...

com.atlassian:nadel (>=2022-01-19T23-18-30-adbad461 <=2024-01-23T04-58-06-b811e23f), com.atlassian:nadel-api (>=2022-01-19T23-18-30-adbad461 <=2022-03-22T05-05-01-a5d0b804) +4 more potentially affected by CVE-2023-28867 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=0.0.0-2023-12-05T22-54-46-39d2155)

com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-04-05T04-35-54-29b76c29 -...

GHSA-P4QX-6W5P-4RJ2 GraphQL Java vulnerable to stack consumption

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...