5 matches found
GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180
The CVE-2023-40180 issue affects silverstripe-graphql, where publicly exposed GraphQL schemas can be abused by recursive queries to trigger a Denial of Service. The root cause is lack of validation for recursive/complex queries, enabling high-resource consumption on affected sites (especially wit...
CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-40180...