Malicious code in graphql-optics (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2437 Malicious code in graphql-optics (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

PT-2024-27777 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions: Craft CMS versions up to v3.7.31 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "GraphQL API endpoint". There is no information provided about the estimated number of potentiall...

CVE-2024-37843

Craft CMS

Exploit for SQL Injection in Craftcms Craft_Cms

CVE-2024-37843-POC POC for CVE-2024-37843. Craft CMS time-base...

PT-2024-7260 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this issue, where th...

This Week in Spring - June 4th, 2024

Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from dooing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...

silverstripe/graphql Cross-Site Request Forgery vulnerability

The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...

GHSA-WJG9-V8CF-F5Q2 silverstripe/graphql Cross-Site Request Forgery vulnerability

The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to a failure to perform proper access control, allowing a guest to retrieve metadata of a public playbook run linked to a channel they have guest access to via the RHSRuns GraphQL query...

PT-2024-40501 · Packagist · Silverstripe/Graphql

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns a lack of CSRF protection in the GraphQL controller. This means that authenticated users could be forced or tricked into visiting a URL that sends a GET request to the...

CVE-2024-34152

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVE-2024-34152 Playbook Run Metadata leak to Guest

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVE-2024-34152 Playbook Run Metadata leak to Guest

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

PT-2024-25722 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Description: The issue is related to improper access control, allowing a guest to obtain metadata of a public playbook ru...

GitLab < 13.11.6 (CVE-2021-22228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...

GitLab 12.6 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13317)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. CVE-2020-13317 Note that...