2 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the OrganizationItemSelectorViewDisplayContext class. An attacker can list organizations by sending crafted requests as an authenticated user. Remediation Upgrade...
Incorrect Behavior Order
Overview api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cache key generation. Workarou...