3121 matches found

CVE
added 2022/10/06 12:00 a.m., 283 views

CVE-2022-39275

CVE-2022-39275 affects Saleor (headless GraphQL commerce platform). The issue is improper ID-type validation in several GraphQL mutations that can let an authenticated user access database objects they should not, potentially exposing info such as row counts from tables with sequential keys and s...

5.3 CVSS, 4.5 AI score, 0.00516 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2022/10/06 12:00 a.m., 15 views

CVE-2022-39275 Improper object type validation in saleor

Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input, which allowed access to database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following...

5.3 CVSS, 5.4 AI score, 0.00516 EPSS
Exploits 1, References 2
OSV
added 2022/10/06 12:00 a.m., 33 views

CVE-2022-39275 Improper object type validation in saleor

Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input, which allowed access to database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following...

5.3 CVSS, 5 AI score, 0.00516 EPSS
Exploits 1, References 4
RedHat Linux
added 2022/10/05 2:50 p.m., 3 views

graphql-java: DoS by malicious query

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5 CVSS, 6 AI score, 0.02062 EPSS
Exploits 1, References 4
RedHat Linux
added 2022/10/05 2:50 p.m., 45 views

Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.3 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS, 6.7 AI score, 0.02112 EPSS
Exploits 4, References 9
OSSF Malicious Packages
added 2022/10/05 12:26 a.m., 5 views

Malicious code in graphql-ms (npm)

Source: ghsa-malware 1579df6eb121dfcca4111c8ed7ad074f1b52d4847ad652e6b9cb71cea45015b0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2022/10/05 12:26 a.m., 7 views

MAL-2022-3447 Malicious code in graphql-ms (npm)

Source: ghsa-malware 1579df6eb121dfcca4111c8ed7ad074f1b52d4847ad652e6b9cb71cea45015b0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
Spring Security Advisories
added 2022/09/27 7:00 a.m., 15 views

This Week in Spring - September 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...

7.4 AI score
Exploits 0
Hacker One
added 2022/09/26 5:58 a.m., 39 views

GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api

An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...

9.8 CVSS, 9.6 AI score, 0.01244 EPSS
Exploits 0
Tenable Nessus
added 2022/09/26 12:00 a.m., 17 views

GraphQL Cross-Site Request Forgery

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL servers often allow other Content-Type header values than application/json, and GET based requests for both queries and mutations. By...

7.4 AI score
Exploits 0, References 2
Spring Security Advisories
added 2022/09/23 7:00 a.m., 17 views

My SpringOne 2022

It has taken me an embarrassingly long time to appreciate and understand that the devil is in the details regarding software development. Writing happy-path business logic isn't the hard part! It's the failure cases, observability, resilience, and process. It's security and other so-called...

0.7 AI score
Exploits 0
RedhatCVE
added 2022/09/14 1:14 p.m., 52 views

CVE-2022-37734

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5 CVSS, 4.3 AI score, 0.02062 EPSS
Exploits 1, References 3
Veracode
added 2022/09/13 6:20 a.m., 32 views

Denial of Service (DoS)

graphql-java is vulnerable to denial-of-service. The vulnerability exists because ANTLR lexing and parsing code takes proportionally longer to reach the max token state, which allows a remote attacker to send a malicious GraphQL query that consumes CPU resources, resulting in an application...

7.5 CVSS, 7.5 AI score, 0.02062 EPSS
Exploits 1, References 8, Affected Software 1
vulnersOsv
added 2022/09/13 12:00 a.m., 2 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.0.0 <=6.1.3), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.0.3 <=6.1.3) +753 more potentially affected by CVE-2022-37734 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=17.3)

com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =6.0.0, =6.0.3, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.3, =0.1.0, =1.0.0, =2.8.5, =1.3.0, =1.1.0, =0.6.3, =2.0.1 and more. Source cves: CVE-2022-37734. Source advisory: OSV:GHSA-V62J-CXHH-FQ22...

7.5 CVSS, 6.6 AI score, 0.02062 EPSS
Exploits 1
Github Security Blog
added 2022/09/13 12:00 a.m., 50 views

graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources

graphql-java before 19.0, 18.3, and 17.4 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0, 18.3, and 17.4...

7.5 CVSS, 7.4 AI score, 0.02062 EPSS
Exploits 1, References 7, Affected Software 1
OSV
added 2022/09/13 12:00 a.m., 0 views

GHSA-V62J-CXHH-FQ22 graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources

graphql-java before 19.0, 18.3, and 17.4 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0, 18.3, and 17.4...

7.5 CVSS, 7.2 AI score, 0.02062 EPSS
Exploits 1, References 7
ATTACKERKB
added 2022/09/12 2:15 p.m., 1 views

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9...

7.5 CVSS, 6.7 AI score, 0.02062 EPSS
Exploits 1, References 5
OSV
added 2022/09/12 2:15 p.m., 27 views

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9...

7.5 CVSS, 7.4 AI score
Exploits 0, References 4
NVD
added 2022/09/12 2:15 p.m., 25 views

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9...

7.5 CVSS, 0.02062 EPSS
Exploits 1, References 4
Prion
added 2022/09/12 2:15 p.m., 21 views

Design/Logic Flaw

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9...

5 CVSS, 7.2 AI score, 0.02062 EPSS
Exploits 1, References 4, Affected Software 1