9 matches found
Exploit for CVE-2025-27407
PoCCVE-2025-27407 Proof of concept for a remote code executi...
[SECURITY] [DLA 4263-1] ruby-graphql security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta August 04, 2025 https://wiki.debian.org/LTS -...
Debian dla-4263 : ruby-graphql - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4263 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-4263-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-27407
A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the GraphQL::Schema.fromintrospection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...
CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...
CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...
CVE-2025-27407
CVE-2025-27407 concerns graphql-ruby: loading a malicious schema via GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can lead to remote code execution. Affected versions are pre-patches: 1.11.5–1.11.7, 1.11.? (and 1.12.24, 1.13.23, 2.0.31, 2.1.13, 2.2.16, 2.3.20). Patches exi...
CVE-2025-27407
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...