5 matches found
Allocation of Resources Without Limits or Throttling
Overview: @escape.tech/graphql-armor-max-depth is a package that limits the depth allowed in a GraphQL query. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function. An attacker can cause excessive resource consumption by crafting...
Allocation of Resources Without Limits or Throttling
Overview: @escape.tech/graphql-armor-max-depth is a package that limits the depth allowed in a GraphQL query. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function when the ignoreIntrospection configuration is enabled. An attacker ca...
PT-2024-25968 · Select Themes · Select-Themes Stockholm
Name of the Vulnerable Software and Affected Versions: Select-Themes Stockholm Core versions n/a through 2.4.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This can be exploited ...
PT-2023-9640
Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 2.4.2. Description: The issue is related to an uncontrolled modification of object prototype attributes in the DOMPurify JavaScript library, which is used for secure cleaning and protection of HTML code. This can allo...
Deserialization of Untrusted Data
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the process of saving customer details. An authenticated attacker with admin privileges can execute arbitrary code by submitting...