2 matches found
GHSA-Q2M9-6JP9-C6MC Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query
Summary The checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escaping or parameterization. An attacker can inject a password containing a...
Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query
Summary The checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escaping or parameterization. An attacker can inject a password containing a...