
3121 matches found

OSV
added 2024/10/22 2:15 p.m. · 4 views

CVE-2024-50311

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

CVSS 6.5 · AI score 6.5 · EPSS 0.00578
Exploits 0 · References 3

NVD
added 2024/10/22 2:15 p.m. · 20 views

CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery ...

CVSS 5.3 · EPSS 0.00521
Exploits 0 · References 5

NVD
added 2024/10/22 2:15 p.m. · 13 views

CVE-2024-50311

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

CVSS 6.5 · EPSS 0.00578
Exploits 0 · References 3

OSV
added 2024/10/22 2:15 p.m. · 4 views

CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery ...

CVSS 5.3 · AI score 5.4 · EPSS 0.00521
Exploits 0 · References 5

Vulnrichment
added 2024/10/22 1:24 p.m. · 18 views

CVE-2024-50312 Graphql: information disclosure via graphql introspection in openshift

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery ...

CVSS 5.3 · AI score 7 · EPSS 0.00521
Exploits 0 · References 5

CVE
added 2024/10/22 1:24 p.m. · 153 views

CVE-2024-50312

CVE-2024-50312 is an Information Disclosure via GraphQL Introspection vulnerability in OpenShift. The connected Red Hat advisory notes that OpenShift Container Platform 4.x releases including 4.16.30 and 4.17.12 were patched to fix this issue, which allowed unauthorized users to enumerate availab...

CVSS 5.3 · AI score 5.1 · EPSS 0.00521
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2024/10/22 1:24 p.m. · 22 views

CVE-2024-50312 Graphql: information disclosure via graphql introspection in openshift

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery ...

CVSS 5.3 · EPSS 0.00521
Exploits 0 · References 5

Vulnrichment
added 2024/10/22 1:24 p.m. · 16 views

CVE-2024-50311 Graphql: denial of service (dos) vulnerability via graphql batching

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

CVSS 6.5 · AI score 6.9 · EPSS 0.00578
Exploits 0 · References 3

CVE
added 2024/10/22 1:24 p.m. · 116 views

CVE-2024-50311

CVE-2024-50311 affects OpenShift GraphQL batching, causing DoS through requests with thousands of aliases. Red Hat’s advisory RHSA-2024:6122 confirms a security update for OpenShift Container Platform 4.18.1 that addresses this issue; the CVSS base score is MEDIUM with availability impact. The af...

CVSS 6.5 · AI score 6.7 · EPSS 0.00578
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/10/22 1:24 p.m. · 34 views

CVE-2024-50311 Graphql: denial of service (dos) vulnerability via graphql batching

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

CVSS 6.5 · EPSS 0.00578
Exploits 0 · References 3

RedhatCVE
added 2024/10/22 10:10 a.m. · 21 views

CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery ...

CVSS 5.3 · AI score 6.7 · EPSS 0.00521
Exploits 0 · References 4

RedhatCVE
added 2024/10/22 9:43 a.m. · 26 views

CVE-2024-50311

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

CVSS 6.5 · AI score 6.7 · EPSS 0.00578
Exploits 0 · References 3

CNNVD
added 2024/10/22 12:00 a.m. · 2 views

Red Hat OpenShift Information Disclosure Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. An information disclosure vulnerability exists in Red Hat OpenShift that stems from improper access control to GraphQL introspection...

CVSS 5.3 · AI score 7.7 · EPSS 0.00521
Exploits 0 · References 4

Positive Technologies
added 2024/10/22 12:00 a.m. · 7 views

PT-2024-34133 · Graphql +1 · Graphql +1

Name of the Vulnerable Software and Affected Versions: GraphQL affected versions not specified

Description: A vulnerability was found in GraphQL due to improper access controls on the graphql introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available...

CVSS 9.9 · AI score 6.1 · EPSS 0.97781
Exploits 20 · References 140

vulnersOsv
added 2024/10/18 6:30 a.m. · 4 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-runner (>=0.1.1 <=0.112.0) +4775 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=6.1.0 <=6.1.13)

org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

CVSS 5.3 · AI score 6.4 · EPSS 0.00631
Exploits 1

Tenable Nessus
added 2024/10/17 12:00 a.m. · 19 views

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2 CSRF

According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site request forgery by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbragqlenabledangerousdeprecatedgetmethodwillberemoved, has been introduced to control these...

CVSS 6.5 · AI score 6.2 · EPSS 0.00465
Exploits 0 · References 6

Zero Day Initiative
added 2024/10/11 12:00 a.m. · 10 views

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql...

CVSS 6.5 · AI score 6.1 · EPSS 0.00465
Exploits 0 · References 1

RedHat Linux
added 2024/10/10 1:43 p.m. · 4 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 5.3 · AI score 5.7 · EPSS 0.00943
Exploits 2 · References 10

RedHat Linux
added 2024/10/10 1:43 p.m. · 38 views

Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 9.2 · AI score 7.1 · EPSS 0.03278
Exploits 2 · References 1

RedHat Linux
added 2024/10/10 11:49 a.m. · 29 views

Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6.SP1 Security Update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 9.2 · AI score 7.1 · EPSS 0.03278
Exploits 2 · References 3