Lucene search
+L

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2495

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2023/09/20 12:30 p.m.2 views

GHSA-FRQC-F2H8-FJVF Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS5.8AI score0.0036EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/20 12:30 p.m.34 views

Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

4.3CVSS6.8AI score0.0036EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/09/20 10:15 a.m.24 views

CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

4.3CVSS4AI score0.0036EPSS
Exploits0References1
Prion
Prion
added 2023/09/20 10:15 a.m.35 views

Code injection

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

4.3CVSS4.6AI score0.0036EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/20 9:9 a.m.22 views

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS5.9AI score0.0036EPSS
Exploits0References3
CVE
CVE
added 2023/09/20 9:9 a.m.2521 views

CVE-2023-34047

CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...

4.3CVSS4.2AI score0.0036EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.7 views

Spring GraphQL Security Vulnerability

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring GraphQL versions 1.1.0 through 1.1.5 and 1.2.0 through 1.2.2, which stems from the...

4.3CVSS6.8AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.9 views

PT-2023-24654 · Spring · Spring For Graphql

Name of the Vulnerable Software and Affected Versions: Spring for GraphQL versions 1.1.0 through 1.1.5 Spring for GraphQL versions 1.2.0 through 1.2.2 Description: A batch loader function in Spring for GraphQL may be exposed to GraphQL context with values, including security context values, from ...

4.3CVSS6.9AI score0.0036EPSS
Exploits0References9
Spring Security Advisories
Spring Security Advisories
added 2023/09/19 12:0 a.m.6 views

Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS5.8AI score0.0036EPSS
Exploits0References1
Rows per page
Query Builder