6 matches found
EUVD-2023-2495
Malicious code in bioql PyPI...
Information Disclosure
org.springframework.graphql:spring-graphql is vulnerable to Information Disclosure. The vulnerability is due to an issue where an application provides a DataLoaderOptions instance when registering batch loader functions through the DefaultBatchLoaderRegistry method leading to information disclosu...
Spring for GraphQL may be exposed to GraphQL context with values from a different session
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
Code injection
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
CVE-2023-34047
CVE-2023-34047 affects Spring GraphQL: vulnerable batches occur when registering batch loader functions with a DataLoaderOptions instance in versions 1.1.0–1.1.5 and 1.2.0–1.2.2. Root cause: a batch loader may be exposed to the GraphQL context with values from a different session, including secur...