3121 matches found
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) +114 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.4.0, =3.3.0, =2.4.1, =1.12, =1.18.1, =1.12, =1.12, =1.12, =1.12.1, =0.1.0-beta.6, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5...
CVE-2021-35970
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type...
Design/Logic Flaw
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type...
CVE-2021-35970
CVE-2021-35970 affects Coral Talk 4 prior to 4.12.1. The issue arises from permission checks using an incorrect data type, enabling remote attackers to query GraphQL and discover email addresses and other sensitive information. Exploitation is remote and unauthenticated as described in the public...
Coral Security Vulnerability
Coral is an open source project. Improve the community on your website through smart technology, effective design, and efficient strategy. A security vulnerability exists in Coral Talk 4 versions prior to 4.12.1, which stems from the use of incorrect data types for program privilege checking, and...
GraphQL API Detected
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. It is a popular alternative to traditional REST or SOAP APIs, providing flexibility and an optimized data fetching method. The scanner detected th...
Instagram Bug Allowed Anyone to View Private Accounts Without Following Them
Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," security researcher Mayur Fartade said in a Medium post today. "An...
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A user's password is still required though. Basic-auth has been removed as a default...
GHSA-MG2G-8PWJ-R2J2 Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A user's password is still required though. Basic-auth has been removed as a default...
SilverStripe License Issues Vulnerability (CNVD-2021-50577)
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe has an authorization issue vulnerability that stems from...
CVE-2020-26136
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...
Authentication flaw
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...
CVE-2020-26136
CVE-2020-26136 affects SilverStripe GraphQL prior to fixes in 4.6.0-rc1, where MFA is not honored when basic authentication is used. Several connected advisories corroborate an authentication bypass risk via the GraphQL module, with mitigation notes indicating that basic-auth has been removed by ...
CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass
More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...
CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth
More info at https://www.silverstripe.org/download/security-releases/cve-2020-26136...
DRUPAL-CONTRIB-2021-013
This module lets you craft and expose a GraphQL web service API. The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability. This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data...