3121 matches found

NVD
added 2023/10/18 6:15 a.m.

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 7.5 · AI score 7.3 · EPSS 0.00887
Exploits: 1 · References: 2

Prion
added 2023/10/18 6:15 a.m.

Code injection

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 5 · AI score 7.3 · EPSS 0.00887
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2023/10/18 6:02 a.m.

Distributed Denial Of Service (DDoS)

silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allowing an attacker to send recursive queries into the system...

CVSS 7.5 · AI score 6.8 · EPSS 0.00901
Exploits: 0 · References: 6 · Affected Software: 1

Vulnrichment
added 2023/10/18 12:00 a.m.

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

AI score 6.8 · EPSS 0.00887
Exploits: 1 · References: 2

CNNVD
added 2023/10/18 12:00 a.m.

Geth Security Breach

Geth is a library in the Geth open source. A security vulnerability exists in Geth 1.13.4 and earlier versions that stems from allowing an attacker to cause a denial of service (DOS) via a specially crafted graphql query...

CVSS 7.5 · AI score 6.6 · EPSS 0.00887
Exploits: 1 · References: 3

CVE
added 2023/10/18 12:00 a.m.

CVE-2023-42319

CVE-2023-42319 affects Geth (go-ethereum) up to v1.13.4 when running with --http and --graphql. The vulnerability allows remote attackers to trigger a denial of service by sending a crafted GraphQL query, leading to memory exhaustion and a daemon hang. The issue is a DoS condition caused by how t...

CVSS 7.5 · AI score 7.3 · EPSS 0.00887
Exploits: 1 · References: 2 · Affected Software: 1

Github Security Blog
added 2023/10/17 1:48 p.m.

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

CVSS 7.5 · AI score 6.9 · EPSS 0.00901
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2023/10/17 1:48 p.m.

GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

CVSS 7.5 · AI score 7.5 · EPSS 0.00901
Exploits: 0 · References: 8

Positive Technologies
added 2023/10/17 12:00 a.m.

PT-2023-28313 · Ethereum · Geth

Name of the Vulnerable Software and Affected Versions: Geth aka go-ethereum versions 1.13.4 and earlier. Description: The issue allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query when --http --graphql is used. The vendor's position i...

CVSS 7.5 · AI score 6.9 · EPSS 0.00887
Exploits: 1 · References: 10

NVD
added 2023/10/16 7:15 p.m.

CVE-2023-40180

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

CVSS 7.5 · AI score 7.5 · EPSS 0.00901
Exploits: 0 · References: 5

Prion
added 2023/10/16 7:15 p.m.

Design/Logic Flaw

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

CVSS 5 · AI score 7.5 · EPSS 0.00901
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2023/10/16 6:05 p.m.

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

CVSS 7.5 · AI score 7.6 · EPSS 0.00901
Exploits: 0 · References: 5

CVE
added 2023/10/16 6:05 p.m.

CVE-2023-40180

The CVE-2023-40180 issue affects silverstripe-graphql, where publicly exposed GraphQL schemas can be abused by recursive queries to trigger a Denial of Service. The root cause is lack of validation for recursive/complex queries, enabling high-resource consumption on affected sites (especially wit...

CVSS 7.5 · AI score 7.5 · EPSS 0.00901
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2023/10/16 6:05 p.m.

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

CVSS 7.5 · AI score 7.8 · EPSS 0.00901
Exploits: 0 · References: 5

OSV
added 2023/10/16 6:05 p.m.

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service (DDOS) attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

CVSS 7.5 · AI score 7.3 · EPSS 0.00901
Exploits: 0 · References: 7

Friends Of PHP
added 2023/10/16 12:44 a.m.

CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-40180...

CVSS 7.5 · AI score 7.2 · EPSS 0.00901
Exploits: 0 · Affected Software: 1

Hacker One
added 2023/10/12 11:14 p.m.

Shopify: IDOR on GraphQL queries BillingDocumentDownload and BillDetails

A vulnerability allowed unauthorized access to billing invoice information for other merchants...

AI score 6.8
Exploits: 0

Hacker One
added 2023/10/12 8:33 a.m.

HackerOne: Organization members can delete reports in teams they have no access to

Reports in teams could be deleted by organization members without access to those teams. The vulnerability allowed deletion of analytics reports for restricted teams through a GraphQL mutation even when members lacked permissions to view or edit those reports...

AI score 6.9
Exploits: 0

Positive Technologies
added 2023/10/10 12:00 a.m.

PT-2023-36348 · Unknown · Graphql Mesh

Name of the Vulnerable Software and Affected Versions: GraphQL Mesh, affected versions not specified. Description: GraphQL Mesh is a framework and gateway for GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, and databases. When a user transforms on the root level or...

CVSS 7.5 · AI score 6.9 · EPSS 0.0039
Exploits: 0 · References: 11

NVD
added 2023/10/04 9:15 p.m.

CVE-2023-43799

Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the...

CVSS 7.8 · AI score 5.8 · EPSS 0.002
Exploits: 0 · References: 2