3121 matches found
graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java
A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service DoS attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields ENFs, which are not adequately considered duri...
CVE-2024-6861
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. Mitigation To mitigate this...
apollo-gateway-rs (>=0.7.5 <=0.7.6), aqlgen (>=0.1.0 <=0.8.0) +83 more potentially affected by CVE-2024-47614 via async-graphql (>=1.13.4 <=6.0.11)
async-graphql CARGO version =1.13.4, =0.7.5, =0.1.0, =0.1.0, =0.1.0, =0.0.1-alpha+3, =0.1.0, =2.9.13, =4.0.3, =0.1.0-beta.0, =2.9.12, =0.2.0, =1.14.10, =0.1.0, =0.4.4 and more Source cves: CVE-2024-47614 Source advisory: OSV:GHSA-5GC2-7C65-8FQ8...
GHSA-5GC2-7C65-8FQ8 async-graphql Directive Overload
Impact - Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime. - Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure. - User Experience...
CVE-2024-47614
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
CVE-2024-47614 async-graphql vulnerable to Directive Overload
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
CVE-2024-47614
The CVE-2024-47614 issue affects the Rust GraphQL server library async-graphql prior to version 7.0.10 . The vulnerability arises because it does not limit the number of directives for a field, which can lead to Service Disruption , Resource Exhaustion , and degraded User Experience . Affected so...
CVE-2024-47614 async-graphql vulnerable to Directive Overload
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
CVE-2024-47614 async-graphql vulnerable to Directive Overload
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
PT-2024-32674
Name of the Vulnerable Software and Affected Versions async-graphql versions prior to 7.0.10 Description The issue is related to the async-graphql library, a GraphQL server implemented in Rust, where it does not limit the number of directives for a field. This can lead to Service Disruption,...
async-graphql 安全漏洞
async-graphql is a fully compliant high-performance graphql server library from the async-graphql open source. A security vulnerability exists in async-graphql versions prior to 7.0.10 that stems from the number of commands in an unrestricted field, which could lead to service disruption, resourc...
CVE-2024-40094
A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service DoS attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields ENFs, which are not adequately considered duri...
Cross-Site Request Forgery (CSRF)
strawberrygraphql is vulnerable to cross-site request forgery CSRF. The vulnerability is due to the default configuration of the Strawberry GraphQL library, which allows multipart file upload support without proper CSRF protection and exempted the integration from Django's built-in CSRF safeguard...
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:GHSA-79GP-Q4WV-33FR...
GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:PYSEC-2024-171...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CVE-2024-47082
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...