Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 2:12 p.m.7 views

CVE-2026-47707

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 2:12 p.m.10 views

CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/04 2:12 p.m.41 views

CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS0.00417EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions 0.172.0 to 0.315.6 of Strawberry GraphQL contain security vulnerabilities. These vulnerabilities stem from the MaxAliasesLimiter extension not taking into account the multiplicative amplification...

5.3CVSS5.3AI score0.00417EPSS
Exploits1References2
Rows per page
Query Builder