11 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-12540

Malicious code in bioql PyPI...

6.6 AI score
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-36468

Malicious code in bioql PyPI...

8.2 CVSS · 6.6 AI score · 0.00442 EPSS
Exploits 0 · References 3
Github Security Blog
added 2025/04/25 3:14 p.m. · 13 views

GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

Summary: A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled, which is the default configuration, by naming your query/fragment schema. Details: At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

7 AI score
Exploits 0 · References 4 · Affected Software 1
IBM Security Bulletins
added 2025/01/28 9:51 p.m. · 15 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-40094).

Summary: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-40094). An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-40094 DESCRIPTION: GraphQL Java (aka...

5.3 CVSS · 7 AI score · 0.00943 EPSS
Exploits 2 · Affected Software 1
CNNVD
added 2024/11/18 12:0 a.m. · 7 views

OpenCTI Access Control Error Vulnerability

OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. An access control error vulnerability exists in OpenCTI versions prior to 6.1.9, which stems from the ability to bypass regular expression validation used to block Introspection queries by removing redundant...

8.2 CVSS · 6.6 AI score · 0.00442 EPSS
Exploits 0 · References 3
RedHat Linux
added 2024/10/10 1:43 p.m. · 4 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

5.3 CVSS · 5.7 AI score · 0.00943 EPSS
Exploits 2 · References 10
RedhatCVE
added 2024/09/27 8:40 a.m. · 25 views

CVE-2024-40094

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

7.5 CVSS · 7 AI score · 0.00943 EPSS
Exploits 2 · References 9
OSV
added 2024/07/30 9:31 a.m. · 3 views

GHSA-H9MQ-F6Q5-6C8M GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

8.7 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 2 · References 10
NVD
added 2024/07/30 7:15 a.m. · 23 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

5.3 CVSS · 0.00943 EPSS
Exploits 2 · References 6
OSV
added 2024/07/30 7:15 a.m. · 33 views

CVE-2024-40094

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 6
Positive Technologies
added 2023/09/26 12:0 a.m. · 7 views

PT-2023-31900 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/demo versions prior to 10.3.0 Description: The issue concerns excessive data query operations in a large data table. Additionally, introspection is enabled on the demo site demo.pimcore.fun, which allows users to run introspection...

6.5 CVSS · 6 AI score · 0.00783 EPSS
Exploits 1 · References 8