CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

PT-2022-23173 · Arangodb +1 · Arangodb +1

Name of the Vulnerable Software and Affected Versions: cruddl versions 1.1.0 through 2.6.x cruddl versions 3.0.0 through 3.0.1 Description: The issue affects cruddl when used to generate a schema that uses @flexSearchFulltext. Users of that schema may be able to inject arbitrary AQL queries that...