3121 matches found

OSV
added 2024/07/30 7:15 a.m. · 31 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

CVSS 5.3 · AI score 6.8
Exploits: 0 · References: 6
NVD
added 2024/07/30 7:15 a.m. · 22 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

CVSS 5.3 · EPSS 0.00943
Exploits: 2 · References: 6
Cvelist
added 2024/07/30 12:00 a.m. · 29 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

EPSS 0.00943
Exploits: 2 · References: 6
CNNVD
added 2024/07/30 12:00 a.m. · 4 views

GraphQL Java security vulnerability

GraphQL Java is an open-source Java implementation of GraphQL, a query language and server-side runtime for application programming interfaces (APIs). A security vulnerability exists in GraphQL Java versions prior to 21.5 that stems from not properly considering...

CVSS 5.3 · AI score 6.6 · EPSS 0.00943
Exploits: 2 · References: 8
Positive Technologies
added 2024/07/30 12:00 a.m. · 6 views

PT-2024-28780

Name of the Vulnerable Software and Affected Versions: GraphQL Java versions prior to 21.5; GraphQL Java version 20.9; GraphQL Java version 19.11. Description: The issue is related to the improper consideration of ExecutableNormalizedFields (ENFs) in preventing denial of service via introspection querie...

CVSS 8.7 · AI score 6.5 · EPSS 0.00943
Exploits: 2 · References: 253
Vulnrichment
added 2024/07/30 12:00 a.m. · 24 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

AI score 7 · EPSS 0.00943
Exploits: 2 · References: 6
CVE
added 2024/07/30 12:00 a.m. · 324 views

CVE-2024-40094

CVE-2024-40094 relates to GraphQL Java (graphql-java), where versions before 21.5 do not adequately consider ExecutableNormalizedFields to prevent DoS via introspection queries. Publicly documented fixes include 20.9 and 19.11. IBM- and Circl-sourced entries confirm the CVE details and provide rem...

CVSS 5.3 · AI score 7 · EPSS 0.00943
Exploits: 2 · References: 6
Wallarm Lab
added 2024/07/24 2:03 p.m. · 10 views

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

AI score 8.1
Exploits: 0
Wallarm Lab
added 2024/07/24 2:03 p.m. · 21 views

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

AI score 8.1
Exploits: 0
Wallarm Lab
added 2024/07/19 9:31 a.m. · 14 views

Two of Wallarm’s Open-source Tools Have Been Accepted into Black Hat Arsenal 2024

We're gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek - not just one, but TWO of Wallarm's open-source tools will be featured in the Arsenal showcase at Black Hat USA this year. Black Hat Arsenal unites researchers and the open-source community to display...

AI score 7.3
Exploits: 0
Spring Security Advisories
added 2024/07/16 12:00 a.m. · 14 views

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! Did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

AI score 7.3
Exploits: 0
Veracode
added 2024/07/09 8:13 a.m. · 23 views

Denial Of Service (DoS)

Directus is vulnerable to Denial of Service (DoS). The vulnerability is due to field duplication in GraphQL, where an attacker can overwhelm the server by requesting the same field multiple times in a single query, leading to excessive resource consumption and denial of service for legitimate users...

CVSS 6.5 · AI score 6.6 · EPSS 0.00795
Exploits: 1 · References: 3 · Affected software: 1
OSV
added 2024/07/08 6:41 p.m. · 24 views

GHSA-7HMH-PFRP-VCX4 Directus GraphQL Field Duplication Denial of Service (DoS)

Summary: A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

CVSS 7.1 · AI score 6.4 · EPSS 0.00795
Exploits: 1 · References: 4
Github Security Blog
added 2024/07/08 6:41 p.m. · 26 views

Directus GraphQL Field Duplication Denial of Service (DoS)

Summary: A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

CVSS 6.5 · AI score 7 · EPSS 0.00795
Exploits: 1 · References: 4 · Affected software: 1
NVD
added 2024/07/08 5:15 p.m. · 25 views

CVE-2024-39895

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 · EPSS 0.00795
Exploits: 1 · References: 2
Vulnrichment
added 2024/07/08 4:47 p.m. · 26 views

CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS)

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 · AI score 7.3 · EPSS 0.00795
Exploits: 1 · References: 2
CVE
added 2024/07/08 4:47 p.m. · 92 views

CVE-2024-39895

Directus (graph-based API) is affected by a DoS via GraphQL field duplication. An attacker can craft a query to duplicate fields (e.g., GraphQL /graphql calls in dashboards), causing excessive resource usage and service unavailability. The vulnerability is fixed in Directus 10.12.0. Remediation: ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00795
Exploits: 1 · References: 2 · Affected software: 1
Cvelist
added 2024/07/08 4:47 p.m. · 36 views

CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS)

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 · EPSS 0.00795
Exploits: 1 · References: 2
OSV
added 2024/07/08 4:47 p.m. · 29 views

CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS)

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 · AI score 7.1 · EPSS 0.00795
Exploits: 1 · References: 4
Positive Technologies
added 2024/07/08 12:00 a.m. · 4 views

PT-2024-28713

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.12.0. Description: A denial of service (DoS) attack by field duplication in GraphQL is possible, where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times ...

CVSS 7.1 · AI score 5.9 · EPSS 0.00795
Exploits: 1 · References: 12