EUVD-2022-6921

Malicious code in bioql PyPI...

CVE-2022-36084

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

GHSA-QM4W-4995-VG7F cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch

Impact If a vunerable version of cruddl is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Schemas that do not use @flexSearchFulltext are not affected. The attacker needs...

cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch

Impact If a vunerable version of cruddl is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Schemas that do not use @flexSearchFulltext are not affected. The attacker needs...

SQL Injection

cruddl is vulnerable to sql injection attacks. The vulnerability exists because of the missing sanitizations in the query function in arangodb-adapter.ts which allows a remote attacker to inject and execute malicious javascript script in to the system...

CVE-2022-36084

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

Code injection

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVE-2022-36084

Summary of CVE-2022-36084 : The vulnerability affects cruddl (GraphQL API schema generator). If a schema uses the directive @flexSearchFulltext and cruddl is used with versions before 2.7.0 or 3.0.2, an attacker with READ permission on at least one root entity type that has @flexSearchFulltext en...

CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

cruddl 安全漏洞

cruddl is an open source library from AEB Germany. Used to create a GraphQL API for your database , using GraphQL SDL for your architecture modeling . cruddl has a security vulnerability , an attacker can use this vulnerability can be able to inject arbitrary AQL queries , these queries will be...

PT-2022-23173 · Arangodb +1 · Arangodb +1

Name of the Vulnerable Software and Affected Versions: cruddl versions 1.1.0 through 2.6.x cruddl versions 3.0.0 through 3.0.1 Description: The issue affects cruddl when used to generate a schema that uses @flexSearchFulltext. Users of that schema may be able to inject arbitrary AQL queries that...