3121 matches found
EXNESS: GraphQL attribute Batching DOS can take down pwapi.ex2b.com
Summary: Hi team! I hope you are having a great day! pwapi.ex2b.com instances work with a GraphQL API. This GraphQL endpoint is at / and can be called by unauthenticated users. This Graphql endpoint allows you to perform a query with the same attribute multiple times on a single request. The more...
Stack Overflow
Grackle is vulnerable to a Stack Overflow vulnerability. The vulnerability is due to an improper bounds check while parsing GraphQL queries. This can lead to an application crash, resulting in Denial of Service (DoS)...
edu.gemini:clue-generator_2.13 (>=0.12.0 <=0.35.4), edu.gemini:clue-macro_2.13 (>=0.2.2 <=0.12.2) +9 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_2.13 (>=0.0.1 <=0.14.0)
edu.gemini:gsp-graphql-core_2.13 MAVEN version =0.0.1, =0.12.0, =0.2.2, =0.0.18, =0.0.1, =0.10.0, =0.0.1, =0.0.2, =0.0.26, =0.0.26, =0.5.6, =0.6.6 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_3 (>=0.0.47 <=0.14.0), edu.gemini:gsp-graphql-doobie-pg_3 (>=0.10.0 <=0.14.0) +7 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_3 (>=0.0.47 <=0.14.0)
edu.gemini:gsp-graphql-core_3 MAVEN version =0.0.47, =0.0.47, =0.10.0, =0.0.47, =0.0.48, =0.0.47, =0.0.47, =0.5.6, =0.5.0, =0.20.3 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_native0.4_2.13 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_native0.4_2.13 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_native0.4_2.13 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_native0.4_2.13 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_sjs1_2.13 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_sjs1_2.13 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_sjs1_2.13 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_sjs1_2.13 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_native0.4_3 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_native0.4_3 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_native0.4_3 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_native0.4_3 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
edu.gemini:gsp-graphql-circe_sjs1_3 (>=0.13.0 <=0.14.0), edu.gemini:gsp-graphql-generic_sjs1_3 (>=0.13.0 <=0.14.0) +2 more potentially affected by CVE-2023-50730 via edu.gemini:gsp-graphql-core_sjs1_3 (>=0.13.0 <=0.14.0)
edu.gemini:gsp-graphql-core_sjs1_3 MAVEN version =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.14.0 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
Grackle has StackOverflowError in GraphQL query processing
Impact: Prior to this fix, GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in a stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle that have untrusted users. !CAUTION No...
Authorization Bypass
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to the doHandle function in the SmallRyeGraphQLOverWebSocketHandler.java file performing no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...
com.github.t1:wunderbar.demo.product (>=2.2.0 <=3.5.1), io.github.chains-project:maven-lockfile-github-action (>=1.0.1 <=5.5.1) +24 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.14.0.CR1 <=3.5.2)
io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.14.0.CR1, =2.2.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =1.3.0, =1.8.0, =1.8.0, =1.3.0, =1.3.0, =1.7.4, =1.8.0, =1.3.0, =1.3.0, =2.14.1 and more Source cves: CVE-2023-6394 https://v...
com.github.t1:wunderbar.demo.product (>=2.4.8 <=2.4.9), io.quarkiverse.githubaction:quarkus-github-action (>=0.9.1 <=0.9.2) +19 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.0.0.Alpha3 <=2.13.8.Final)
io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.0.0.Alpha3, =2.4.8, =0.9.1, =0.9.1, =0.9.1, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =2.0.0, =2.0.0.Alpha3, =2.13.8.Final and more Source cves: CVE-2023-6394...
Authorization bypass in Quarkus
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...
CVE-2023-6394
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...
Authentication flaw
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...
CVE-2023-6394 Quarkus: graphql operations over websockets bypass
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from when a request is received via websocket and role-based permissions are not specified on a GraphQL operation, Quarkus processes the request without...