Lucene search
+L

5 matches found

vulnersosv
vulnersosv
added 2023/09/20 12:30 p.m.13 views

com.introproventures:graphql-jpa-query-test-boot-starter (>=1.1.0 <=1.1.3), com.introproventures:graphql-jpa-query-test-multiple-datasources (>=1.1.0 <=1.1.3) +16 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.2.0 <=1.2.2)

org.springframework.graphql:spring-graphql MAVEN version =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.11.0, =1.11.0, =1.1.0, =7.19.2, =4.6.0, =4.6.0, =4.6.0, =4.6.3, =4.6.0, =4.6.0, =4.6.5 and more Source cves: CVE-2023-34047 Source advisory:...

4.3CVSS5.8AI score0.0036EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/09/20 12:30 p.m.6 views

com.introproventures:graphql-jpa-query-test-boot-starter (=1.0.0), com.introproventures:graphql-jpa-query-test-multiple-datasources (=1.0.0) +11 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.1.0 <=1.1.5)

org.springframework.graphql:spring-graphql MAVEN version =1.1.0, =1.0.0, =0.0.1, =7.16.0, =3.0.0, =1.1.0, =6.0.0, =1.0.0, =2.0.0-RELEASE Source cves: CVE-2023-34047 Source advisory: OSV:GHSA-FRQC-F2H8-FJVF...

4.3CVSS5.8AI score0.0036EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/09/20 9:9 a.m.14 views

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS6.8AI score0.0036EPSS
Exploits0References1
cve
cve
added 2023/09/20 9:9 a.m.2520 views

CVE-2023-34047

CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...

4.3CVSS4.2AI score0.0036EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/09/20 9:9 a.m.27 views

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS4.9AI score0.0036EPSS
Exploits0References1
Rows per page
Query Builder