5 matches found
com.introproventures:graphql-jpa-query-test-boot-starter (>=1.1.0 <=1.1.3), com.introproventures:graphql-jpa-query-test-multiple-datasources (>=1.1.0 <=1.1.3) +16 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.2.0 <=1.2.2)
org.springframework.graphql:spring-graphql MAVEN version =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.11.0, =1.11.0, =1.1.0, =7.19.2, =4.6.0, =4.6.0, =4.6.0, =4.6.3, =4.6.0, =4.6.0, =4.6.5 and more Source cves: CVE-2023-34047 Source advisory:...
com.introproventures:graphql-jpa-query-test-boot-starter (=1.0.0), com.introproventures:graphql-jpa-query-test-multiple-datasources (=1.0.0) +11 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.1.0 <=1.1.5)
org.springframework.graphql:spring-graphql MAVEN version =1.1.0, =1.0.0, =0.0.1, =7.16.0, =3.0.0, =1.1.0, =6.0.0, =1.0.0, =2.0.0-RELEASE Source cves: CVE-2023-34047 Source advisory: OSV:GHSA-FRQC-F2H8-FJVF...
CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
CVE-2023-34047
CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...
CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...