Lucene search
K

5 matches found

OSV
OSV
added 2023/10/17 1:48 p.m.44 views

GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

7.5CVSS7.5AI score0.00901EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/10/17 1:48 p.m.29 views

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

7.5CVSS6.9AI score0.00901EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2023/10/16 6:5 p.m.49 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.8AI score0.00901EPSS
Exploits0References5
CVE
CVE
added 2023/10/16 6:5 p.m.82 views

CVE-2023-40180

The CVE-2023-40180 issue affects silverstripe-graphql, where publicly exposed GraphQL schemas can be abused by recursive queries to trigger a Denial of Service. The root cause is lack of validation for recursive/complex queries, enabling high-resource consumption on affected sites (especially wit...

7.5CVSS7.5AI score0.00901EPSS
Exploits0References5Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/10/16 12:44 a.m.29 views

CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-40180...

7.5CVSS7.2AI score0.00901EPSS
Exploits0Affected Software1
Rows per page
Query Builder