Lucene search

12 matches found

RedhatCVE
added 2026/01/09 9:3 a.m. | 10 views

CVE-2024-39895

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 | AI score 7.3 | EPSS 0.00859
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-2287

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00859
Exploits: 1 | References: 4

Veracode
added 2024/07/09 8:13 a.m. | 21 views

Denial Of Service (DoS)

Directus is vulnerable to Denial Of Service (DoS). The vulnerability is due to field duplication in GraphQL, where an attacker can overwhelm the server by requesting the same field multiple times in a single query, leading to excessive resource consumption and denial of service for legitimate users...

CVSS 6.5 | AI score 6.6 | EPSS 0.00859
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/07/08 6:41 p.m. | 24 views

Directus GraphQL Field Duplication Denial of Service (DoS)

Summary: A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

CVSS 6.5 | AI score 7 | EPSS 0.00859
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/07/08 6:41 p.m. | 21 views

GHSA-7HMH-PFRP-VCX4 Directus GraphQL Field Duplication Denial of Service (DoS)

Summary: A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

CVSS 7.1 | AI score 6.4 | EPSS 0.00859
Exploits: 1 | References: 4

Vulnrichment
added 2024/07/08 4:47 p.m. | 25 views

CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS)

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 | AI score 7.3 | EPSS 0.00859
Exploits: 1 | References: 2

OSV
added 2024/07/08 4:47 p.m. | 26 views

CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS)

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

CVSS 6.5 | AI score 7.1 | EPSS 0.00859
Exploits: 1 | References: 4

Positive Technologies
added 2024/07/08 12:0 a.m. | 3 views

PT-2024-28713

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.12.0. Description: A denial of service (DoS) attack by field duplication in GraphQL is possible, where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times ...

CVSS 7.1 | AI score 5.9 | EPSS 0.00859
Exploits: 1 | References: 12

Tenable Nessus
added 2022/08/10 12:0 a.m. | 40 views

Ubuntu 18.04 LTS : http-parser vulnerability (USN-5563-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5563-1 advisory. It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorize...

CVSS 6.5 | AI score 7.7 | EPSS 0.11865
Exploits: 2 | References: 2

Kitploit
added 2022/03/08 11:30 a.m. | 40 views

GraphQL Cop - Security Auditor Utility For GraphQL APIs

GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. Requirements: Python3, Requests Library. Detections: Alias Overloading (DoS), Batch Queries (DoS), GET based Queries (CSRF), GraphQL Tracing / Debug Modes (Info Leak), Field Duplication (DoS), Field Suggestions (Info Leak), Graphi...

AI score 7.4
Exploits: 0 | References: 1

wpexploit
added 2021/04/27 12:0 a.m. | 785 views

WPGraphQL < 1.3.6 - Denial of Service

The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...

AI score 6.6
Exploits: 1 | References: 1

WPVulnDB
added 2021/04/27 12:0 a.m. | 22 views

WPGraphQL < 1.3.6 - Denial of Service

The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...

AI score 6.3
Exploits: 1 | References: 1 | Affected Software: 1