Lucene search
+L

7 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2495

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0036EPSS
Exploits0References3
veracode
veracode
added 2023/09/25 8:52 a.m.24 views

Information Disclosure

org.springframework.graphql:spring-graphql is vulnerable to Information Disclosure. The vulnerability is due to an issue where an application provides a DataLoaderOptions instance when registering batch loader functions through the DefaultBatchLoaderRegistry method leading to information disclosu...

4.3CVSS6.3AI score0.0036EPSS
Exploits0References4Affected Software1
github
github
added 2023/09/20 12:30 p.m.32 views

Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

4.3CVSS6.8AI score0.0036EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/09/20 10:15 a.m.33 views

Code injection

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

4.3CVSS4.6AI score0.0036EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/09/20 9:9 a.m.2520 views

CVE-2023-34047

CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...

4.3CVSS4.2AI score0.0036EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/09/20 9:9 a.m.28 views

CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS4.9AI score0.0036EPSS
Exploits0References1
spring
spring
added 2023/09/19 12:0 a.m.6 views

Exposure of data and identity to wrong session in Spring for GraphQL

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS5.8AI score0.0036EPSS
Exploits0References1
Rows per page
Query Builder