3121 matches found
Authorization
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...
CVE-2023-46942
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...
CVE-2023-46942
CVE-2023-46942 affects the Node package @evershop/evershop, with versions prior to 1.0.0-rc.8. The root cause is a lack of authentication leading to improper authorization on GraphQL endpoints, allowing remote attackers to obtain sensitive information. The CVSS vector from NVD/CNA indicates a hig...
EverShop Security Breach
EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8 that stems from a lack of authentication. An attacker exploited the vulnerability to obtain sensitive information through incorrect authorization in a GraphQ...
PT-2024-13390 · Npm · @Evershop/Evershop
Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8 Description: The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in Graph...
Security Bulletin: IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty (CVE-2023-28867)
Summary IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty.GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this...
HackerOne: View Titles of Private Reports with pending email invitation
A vulnerability was discovered where anonymous users could view the titles of private reports with pending email invitations for collaboration. This was possible by sending a GraphQL request or running JavaScript code while logged out. It only worked for anonymous users when the collaboration...
GitLab 13.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39915)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 befor...
GitLab 13.8 < 13.9.7 / 13.10 < 13.10.4 / 13.11 < 13.11.12 (CVE-2021-22209)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...
CVE-2023-50730
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
Stack overflow
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730
CVE-2023-50730 affects Grackle, a Scala GraphQL server. The vulnerabilities arise from two stack-related issues: (1) cyclic GraphQL fragments could trigger a JVM StackOverflowError during type checking/compilation, and (2) the cats-parse recursive operator used in the parser isn’t stack-safe, ena...
CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...
Race condition
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...
CVE-2023-6690
A race condition in GitHub Enterprise Server allows an existing admin to retain permissions on transferred repositories by mutating repository permissions via GraphQL during transfer. Affected: GitHub Enterprise Server v3.8.0 and later. Impact: persistence of admin permissions on transferred repo...
CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...
PT-2023-32741 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.8.11 GitHub Enterprise Server versions 3.9.0 through 3.9.6 GitHub Enterprise Server versions 3.10.0 through 3.10.3 GitHub Enterprise Server versions 3.11.0 Description: A race condition in...