23 matches found
EUVD-2020-0323
Malware in sbrugna...
CVE-2020-5289
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...
CVE-2022-24827
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
MAL-2022-2701 Malicious code in elide-doc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baab8979c640d7bd29110cf8fd6bc55a0dc13c4e69de4d175c2592acfeacdc71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in elide-doc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baab8979c640d7bd29110cf8fd6bc55a0dc13c4e69de4d175c2592acfeacdc71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SQL Injection
com.yahoo.elide:elide-datastore-aggregation is vulnerable to SQL Injection attacks. A specifically crafted query statement through a parameterized TEXT column allows a malicious user to inject and execute arbitrary SQL queries via the ValueType enum...
Elide SQL Injection Vulnerability
Elide is a Java library. Elide is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...
CVE-2022-24827
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
Authorization
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
CVE-2022-24827 SQL Injection in elide-datastore-aggregation
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
CVE-2022-24827 SQL Injection in elide-datastore-aggregation
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
CVE-2022-24827
Elide (Java) SQL Injection vulnerability (CVE-2022-24827) affects analytic queries that use Parameterized Columns of type TEXT in the Elide Aggregation Data Store. The issue stems from the TEXT parameter handling that can be interpreted as SQL comments (–) after a patch in 6.1.2, allowing bypass ...
CVE-2022-24827 SQL Injection in elide-datastore-aggregation
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...
GHSA-8XPJ-9J9G-FC9R SQL Injection in elide-datastore-aggregation
Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...
SQL Injection in elide-datastore-aggregation
Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...
com.yahoo.elide:elide-spring-boot-starter (=6.1.3), com.yahoo.elide:elide-standalone (=6.1.3) potentially affected by CVE-2022-24827 via com.yahoo.elide:elide-datastore-aggregation (=6.1.3)
com.yahoo.elide:elide-datastore-aggregation MAVEN version =6.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.yahoo.elide:elide-datastore-aggregation and may be impacted: - com.yahoo.elide:elide-spring-boot-starter =6.1.3 -...
Elide Authorization Issues Vulnerability
Elide is a self-contained API for web and mobile applications written in Java. An authorization issue vulnerability exists in versions of Elide prior to 4.5.14. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked system or product...
CVE-2020-5289
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...
CVE-2020-5289
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...
Design/Logic Flaw
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...