CVE-2023-41317 Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...
CVE-2023-41317
Summary. CVE-2023-41317 affects Apollo Router (Rust) v1.28.0, v1.28.1, and v1.29.0, where an anonymous GraphQL subscription can trigger a DoS panic if the supergraph defines a subscription type and subscriptions are enabled in config. The vulnerability requires all four conditions to be met: impa...
PT-2023-27902 · Unknown · Apollo Router
Name of the Vulnerable Software and Affected Versions: Apollo Router versions 1.28.0 through 1.29.0 Description: The Apollo Router is subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. This can be triggered...
Apollo Router Security Vulnerability
Apollo Router is a configurable, high-performance graph router written in Rust. A security vulnerability exists in Apollo Router that stems from enabling GraphQL subscriptions, which in some cases can cause the Router to panic and terminate...
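The entries above all describe the same condition: an unnamed (anonymous) subscription operation reaching a Router that has subscriptions enabled and a schema with a subscription type. The real fix is to move out of the affected version range or turn subscriptions off; the following is an added example (not Apollo's code) of the compensating control a practitioner can put in front of the Router in the meantime: a minimal GraphQL tokenizer that counts top-level `subscription` operations carrying no operation name and a `gate` function that rejects such requests. The request bodies, field names and rejection messages are constructed for this example.

```python
import re

# Minimal GraphQL lexer: block strings, strings, comments (dropped), names and
# variables, numbers, spread, and the punctuators we care about. Commas and
# whitespace are skipped because finditer ignores unmatched characters.
_TOKEN = re.compile(
    r'"""(?:[^"\\]|\\.|"(?!""))*"""'
    r'|"(?:[^"\\\n]|\\.)*"'
    r'|#[^\n]*'
    r'|\$?[A-Za-z_][A-Za-z0-9_]*'
    r'|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?'
    r'|\.\.\.'
    r'|[{}()\[\]:=@!|&]'
)
_NAME = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')


def _tokens(document):
    for m in _TOKEN.finditer(document):
        tok = m.group(0)
        if not tok.startswith('#'):      # comments never reach the parser
            yield tok


def anonymous_subscriptions(document):
    """Count top-level subscription operations that have no operation name.

    Only tokens at brace depth 0 and parenthesis depth 0 are operation
    keywords; 'subscription' as a field, as a variable default or as a type
    name after 'on' in a fragment is ignored.
    """
    toks = list(_tokens(document))
    brace = paren = 0
    count = 0
    for i, tok in enumerate(toks):
        if tok == '{':
            brace += 1
        elif tok == '}':
            brace -= 1
        elif tok == '(':
            paren += 1
        elif tok == ')':
            paren -= 1
        elif brace == 0 and paren == 0 and tok == 'subscription':
            prev = toks[i - 1] if i > 0 else ''
            if prev == 'on':               # 'fragment F on subscription {...}'
                continue
            nxt = toks[i + 1] if i + 1 < len(toks) else ''
            # A named operation is followed by a Name; anonymous ones go
            # straight to variables '(', directives '@' or the selection '{'.
            if not _NAME.fullmatch(nxt):
                count += 1
    return count


def gate(body):
    """Decide whether a parsed JSON request body may be forwarded to the Router.

    Returns (allowed, reason). Hypothetical edge-proxy hook, not a Router API.
    """
    query = body.get("query")
    if not isinstance(query, str):
        return False, "missing query"
    if anonymous_subscriptions(query):
        return False, "anonymous subscription operations are not accepted"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies; the first is the shape the advisory describes.
    for body in ({"query": "subscription { ticks }"},
                 {"query": "subscription OnTick { ticks }"},
                 {"query": "query { subscription }"}):
        print(body["query"], "->", gate(body))
```

The check is deliberately syntactic: it inspects the document before it is forwarded and does not need a schema. Treat it as a stop-gap alongside disabling subscriptions or upgrading, since any rewrite of the filter that lets an unnamed subscription through re-exposes the panic.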
Important: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Candlepin Security Vulnerability
Candlepin is a collection of tools that allow companies to manage software subscriptions. A security vulnerability exists in Candlepin that stems from a security flaw in the authorization checking of the server component...
GHSA-GGGM-66RH-PP98 Incorrect Permission Checking for GraphQL Subscriptions
Summary CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Access to information you should not have access to when the permissions rely on $CURRENT_USER for filtering. Details The permission filters, i.e. user_created IS $CURRENT_USER, are not properly checked when using GraphQL...
CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters, i.e. user_created IS $CURRENT_USER, are not properly checked when using GraphQL subscription, resulting in unauthorized users getting event o...
PT-2023-26483 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 10.3.0 through 10.4.x Description: The issue concerns the improper checking of permission filters when using GraphQL subscriptions, resulting in unauthorized users receiving events they should not have access to. This affect...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. An information disclosure vulnerability exists in Directus versions from 10.3.0 up to, but not including, 10.5.0, which stems from improper permission checking of GraphQL subscriptions, resulting in an information...
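The Directus entries above describe a permission filter such as `user_created IS $CURRENT_USER` being enforced on queries but not on subscription events, so every subscriber received every event. The added example below (not Directus code) shows the check that has to run on the subscription path: resolve the dynamic variables in the filter against the subscriber's own identity and evaluate the filter against each event payload before fanning it out. The filter shape, the operator subset, the event and the subscribers are constructed for this example.

```python
# Dynamic variables in the style Directus uses in permission filters; only the
# two needed here are resolved. Everything else is passed through as a literal.
def resolve(value, subscriber):
    if value == "$CURRENT_USER":
        return subscriber["user"]
    if value == "$CURRENT_ROLE":
        return subscriber["role"]
    return value


def matches(filter_, row, subscriber):
    """Evaluate a filter object ({field: {_eq: v}}, _and, _or) against one row.

    An empty filter matches everything (unrestricted permission).
    """
    for key, cond in filter_.items():
        if key == "_and":
            if not all(matches(f, row, subscriber) for f in cond):
                return False
        elif key == "_or":
            if not any(matches(f, row, subscriber) for f in cond):
                return False
        else:
            actual = row.get(key)
            for op, raw in cond.items():
                if op == "_eq":
                    if actual != resolve(raw, subscriber):
                        return False
                elif op == "_neq":
                    if actual == resolve(raw, subscriber):
                        return False
                elif op == "_in":
                    if actual not in [resolve(v, subscriber) for v in raw]:
                        return False
                else:
                    # Fail closed on operators this evaluator does not know.
                    raise ValueError("unsupported operator %r" % op)
    return True


def deliverable(event, subscriber):
    """True if this subscriber's permission filter admits the event payload."""
    return matches(subscriber["filter"], event["payload"], subscriber)


def fan_out(event, subscribers):
    """Return the names of subscribers that may receive the event."""
    return [s["name"] for s in subscribers if deliverable(event, s)]


# Constructed sample data: a per-row ownership filter, one event, three listeners.
PERMISSION_FILTER = {"user_created": {"_eq": "$CURRENT_USER"}}
EVENT = {"collection": "notes", "action": "create",
         "payload": {"id": 7, "user_created": "u-alice", "body": "private"}}
ALICE = {"name": "alice", "user": "u-alice", "role": "r-member", "filter": PERMISSION_FILTER}
BOB = {"name": "bob", "user": "u-bob", "role": "r-member", "filter": PERMISSION_FILTER}
ADMIN = {"name": "admin", "user": "u-admin", "role": "r-admin", "filter": {}}

if __name__ == "__main__":
    print(fan_out(EVENT, [ALICE, BOB, ADMIN]))
```

The point of the example is where the check sits: the same filter that the query path applies is evaluated per subscriber, per event, at dispatch time, rather than once when the subscription is opened.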
WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: WooCommerce Subscriptions · Type: Plugin · Vulnerable versions: <= 5.1.2 · Fixed in: 5.1.3 · OWASP Top 10: A5 Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-35914 · Patch priority: Low · CVSS severity: Low 7.5 · PSID: 00ef3fa8d5b4 · Credits...
CVE-2023-1430
The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...
CVE-2023-1430
CVE-2023-1430 affects the FluentCRM plugin for WordPress. The vulnerability arises from using an MD5 hash without a salt to authorize unsubscription and subscription management, allowing unauthenticated attackers (with knowledge of a subscriber’s email) to unsubscribe or modify subscriptions. Aff...
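The FluentCRM entries describe an unsubscribe/subscription-management token that is an unsalted MD5 of the subscriber's email, so anyone who knows the email can compute the token. The added example below (not FluentCRM's code) puts the weak scheme next to the corrected one: a keyed HMAC over the action, subscriber id and email, verified with a constant-time comparison. The key, subscriber ids and emails are constructed for this example; a salt alone would not help, since the attacker can also hash a public salt, which is why a server-side secret key is used.

```python
import hashlib
import hmac

# Constructed server secret for the demonstration. In production this comes
# from configuration and never leaves the server.
SERVER_KEY = b"example-only-32-byte-secret-key!"


def legacy_token(email):
    """The weak scheme: an unsalted, unkeyed MD5 of the email address."""
    return hashlib.md5(email.encode("utf-8")).hexdigest()


def attacker_forges_legacy(email):
    """What an unauthenticated attacker needs: only the victim's email."""
    return hashlib.md5(email.encode("utf-8")).hexdigest()


def issue_token(key, subscriber_id, email, action="unsubscribe"):
    """Hardened scheme: HMAC-SHA256 over a purpose-bound message.

    Binding the action and subscriber id stops a token minted for one purpose
    or one subscriber from being replayed for another.
    """
    message = "%s:%d:%s" % (action, subscriber_id, email.lower())
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_token(key, subscriber_id, email, presented, action="unsubscribe"):
    """Constant-time check of a presented token against the expected HMAC."""
    if not isinstance(presented, str) or not presented:
        return False
    expected = issue_token(key, subscriber_id, email, action)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    email = "alice@example.com"
    print("legacy token forgeable:",
          legacy_token(email) == attacker_forges_legacy(email))
    good = issue_token(SERVER_KEY, 42, email)
    print("hmac token verifies:", verify_token(SERVER_KEY, 42, email, good))
    print("forged hash rejected:",
          not verify_token(SERVER_KEY, 42, email, attacker_forges_legacy(email)))
```

If the link must also expire, add a timestamp to the message and to the URL and re-check it on verification; the HMAC then covers the expiry as well.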
CVE-2023-34226
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible...