3121 matches found
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
Silverstripe CMS GraphQL Server 安全漏洞
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.2.2 and 4.1.1. An attacker exploiting this vulnerability could perform a denial-of-service attack against a...
CVE-2023-28104 DDOS attack on graphql endpoints
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-28104...
CVE-2023-27588
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
Path traversal
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588
CVE-2023-27588 describes an unauthenticated path traversal vulnerability in Hasura GraphQL Engine. Affected are self-hosted Hasura deployments that are publicly exposed and not protected by a WAF or HTTP protections; Hasura Cloud deployments are not vulnerable. The issue is triggered by improper ...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
PT-2023-21229 · Hasura · Hasura Graphql Engine
Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 1.3.4 Hasura GraphQL Engine versions prior to 2.55.1 Hasura GraphQL Engine versions prior to 2.20.1 Hasura GraphQL Engine versions prior to 2.21.0-beta1 Description: A path traversal vulnerability has...
Hasura GraphQL Engine 路径遍历漏洞
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A security vulnerability exists in Hasura GraphQL Engine that stems from a path traversal vulnerability...
Graphicator - A GraphQL Enumeration And Extraction Tool
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send request...
Instropection query is enabled on demo.pimcore.fun
Description Introspection is enabled on the demo.pimcore.fun. demo site has graphql feature for users but via that graphql endpoint attacker can run the instropection queries. which makes the vulnerable. Proof of Concept Just visit the link...
CVE-2023-26052
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...
CVE-2023-26051
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
Information disclosure
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...
Information disclosure
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
CVE-2023-26052
CVE-2023-26052 affects Saleor, a headless GraphQL commerce platform. The issue is unauthenticated information disclosure caused by internal Python exceptions not being properly handled, which can leak sensitive infrastructure details via API error messages. Affected versions were fixed in 3.1.48,...
CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
CVE-2023-26051
Summary of CVE-2023-26051 (Saleor) : Saleor is vulnerable to information disclosure via unhandled internal Python exceptions that may be returned in API error messages. The leakage can reveal sensitive data such as user email addresses in staff-authenticated requests. This issue has been addresse...