
OSV
added 2022/06/20 8:19 p.m.

MAL-2022-266 Malicious code in @fbsystem/figma-graphql (npm)

Source: ghsa-malware ffcdcbc9429c0fa805533c9d10c14de74d0e13ff69d006e033802a11ac00733b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 8:19 p.m.

Malicious code in fb-graphql-compiler (npm)

Source: ghsa-malware 986d803ee022c130857a432483f2147e7caa097ff439a76940df7022e64e588f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2022/06/20 8:19 p.m.

MAL-2022-2974 Malicious code in fb-graphql-compiler (npm)

Source: ghsa-malware 986d803ee022c130857a432483f2147e7caa097ff439a76940df7022e64e588f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Spring Security Advisories
added 2022/06/14 7:00 a.m.

Spring Tips: Learn Spring for GraphQL (parts 5 and 6 of an ongoing series)

Hi, Spring fans! In these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead Rossen Stoyanchev @rstoya05 - whose work you may know from basically everything in the wide and wonderful world of Springdom having to do...

AI score: 7.2
Exploits: 0

NVD
added 2022/06/10 8:15 p.m.

CVE-2022-25863

The package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 before 3.15.2, is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configuration that is missing input sanitization. Exploiting this vulnerability is possible whe...

CVSS: 9.8, EPSS: 0.01822
Exploits: 1, References: 4

Prion
added 2022/06/10 8:15 p.m.

Deserialization of untrusted data

The package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 before 3.15.2, is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configuration that is missing input sanitization. Exploiting this vulnerability is possible whe...

CVSS: 7.5, AI score: 9.3, EPSS: 0.01822
Exploits: 1, References: 4, Affected Software: 1

Spring Security Advisories
added 2022/06/10 4:00 p.m.

Spring Tips: Learn Spring for GraphQL (parts 3 and 4 of an ongoing series)

Hi, Spring fans! In these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead Rossen Stoyanchev @rstoya05 - whose work you may know from basically everything in the wide and wonderful world of Springdom having to do...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2022/06/07 12:00 p.m.

This Week in Spring - June 7th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...

AI score: 0.5
Exploits: 0

Spring Security Advisories
added 2022/06/02 6:00 p.m.

Spring Tips: Learn Spring for GraphQL (parts 1 and 2 of an ongoing series)

Hi, Spring fans! In these installments, we begin a new series introducing the Spring for GraphQL project. In this first installment, GraphQL Java lead Andi Marek @andimarek and I @starbuxman look at the basics of using the GraphQL Java engine that underpins Spring for GraphQL. In this seco...

AI score: 0.3
Exploits: 0

Positive Technologies
added 2022/05/27 12:00 a.m.

PT-2022-3650 · Red Hat · Red Hat Advanced Cluster Security For Kubernetes

Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Security for Kubernetes, affected versions not specified. Description: A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes, related to insufficient protection of service data in the GraphQL API. Thi...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01112
Exploits: 1, References: 10

OSV
added 2022/05/24 7:12 p.m.

GHSA-3F97-7PGV-GMGR Magento affected by a business logic error in the placeOrder graphql mutation

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to alter the price of an item...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01744
Exploits: 0, References: 3

OSV
added 2022/05/24 7:12 p.m.

GHSA-WR57-3H2F-3Q95 Magento affected by a server-side denial-of-service using a GraphQL field

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01949
Exploits: 0, References: 3

Github Security Blog
added 2022/05/24 7:12 p.m.

Magento affected by a server-side denial-of-service using a GraphQL field

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01949
Exploits: 0, References: 3, Affected Software: 2

OSV
added 2022/05/24 5:41 p.m.

GHSA-H4XC-577P-HGJ9 Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...

CVSS: 4.3, AI score: 4.7, EPSS: 0.01665
Exploits: 0, References: 5

Github Security Blog
added 2022/05/24 5:41 p.m.

Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...

CVSS: 4.3, AI score: 7, EPSS: 0.01665
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2022/05/24 5:23 p.m.

GHSA-589Q-75R3-MFQ4 Silverstripe has Incorrect Default Permissions

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...

CVSS: 5.3, AI score: 5.1, EPSS: 0.01066
Exploits: 0, References: 5

Github Security Blog
added 2022/05/24 5:23 p.m.

Silverstripe has Incorrect Default Permissions

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...

CVSS: 5.3, AI score: 5.6, EPSS: 0.01066
Exploits: 0, References: 6, Affected Software: 2

OSV
added 2022/05/24 5:09 p.m.

GHSA-FX37-56V6-85Q6 Silverstripe CSRF Protection Bypass via GraphQL

In SilverStripe/GraphQL prior to 2.0.5 and 3.1.2, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00724
Exploits: 0, References: 6

Github Security Blog
added 2022/05/24 5:09 p.m.

Silverstripe CSRF Protection Bypass via GraphQL

In SilverStripe/GraphQL prior to 2.0.5 and 3.1.2, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00724
Exploits: 0, References: 6, Affected Software: 1

Spring Security Advisories
added 2022/05/24 7:00 a.m.

This Week in Spring - May 24th, 2022

Hi, Spring fans! I'm in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. We're now in Ibiza, Spain, which is a little island not far from Barcelona, Spain, on the mainland of...

Exploits: 0