27 matches found
@grackle-ai/cli (>=0.0.2 <=0.108.4) potentially affected by unknown CVE via @grackle-ai/server (>=0.0.2 <=0.70.5)
@grackle-ai/server NPM version =0.0.2, =0.0.2, =0.108.4 Source cves: unknown CVE Source advisory: SNYK:JS-GRACKLEAISERVER-15840331...
@grackle-ai/cli (>=0.0.2 <=0.108.4) potentially affected by unknown CVE via @grackle-ai/server (>=0.0.2 <=0.70.4)
@grackle-ai/server NPM version =0.0.2, =0.0.2, =0.108.4 Source cves: unknown CVE Source advisory: SNYK:JS-GRACKLEAISERVER-15840037...
Protection Mechanism Failure
Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Protection Mechanism Failure due to missing security headers in HTTP responses. An attacker can compromise the securit...
@grackle-ai/cli (>=0.0.2 <=0.108.4) potentially affected by unknown CVE via @grackle-ai/server (>=0.0.2 <=0.70.4)
@grackle-ai/server NPM version =0.0.2, =0.0.2, =0.108.4 Source cves: unknown CVE Source advisory: SNYK:JS-GRACKLEAISERVER-15840038...
Missing Authentication for Critical Function
Overview: @grackle-ai/powerline is a gRPC PowerLine server for Grackle AI agent integration. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the PowerLine gRPC server when --token is not provided and GRACKLEPOWERLINETOKEN is not set. An...
Origin Validation Error
Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Origin Validation Error via the connection handler process. An attacker can gain unauthorized access to real-time...
@grackle-ai/cli (>=0.0.2 <=0.108.4) potentially affected by unknown CVE via @grackle-ai/server (>=0.0.2 <=0.70.2)
@grackle-ai/server NPM version =0.0.2, =0.0.2, =0.108.4 Source cves: unknown CVE Source advisory: SNYK:JS-GRACKLEAISERVER-15840352...
@grackle-ai/cli (>=0.0.2 <=0.108.4) potentially affected by unknown CVE via @grackle-ai/server (>=0.0.2 <=0.70.0)
@grackle-ai/server NPM version =0.0.2, =0.0.2, =0.108.4 Source cves: unknown CVE Source advisory: SNYK:JS-GRACKLEAISERVER-15840033...
Cross-site Scripting (XSS)
Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the renderPairingPage function. An attacker can inject malicious scripts into the rendere...
CVE-2023-50730
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
EUVD-2023-3206
Malicious code in bioql PyPI...
CVE-2023-50730
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
Stack overflow
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730
CVE-2023-50730 affects Grackle, a Scala GraphQL server. The vulnerabilities arise from two stack-related issues: (1) cyclic GraphQL fragments could trigger a JVM StackOverflowError during type checking/compilation, and (2) the cats-parse recursive operator used in the parser isn’t stack-safe, ena...
Grackle Security Breach
Grackle is a GraphQL server written in functional Scala from the Typelevel project. A security vulnerability exists in Grackle versions prior to 0.18.0 that stems from the presence of a stack overflow, which could lead to a potential denial of service...
Stack Overflow
Grackle is vulnerable to a stack overflow. The vulnerability is due to an improper bounds check while parsing GraphQL queries. This can lead to an application crash, resulting in Denial of Service (DoS)...
org.typelevel:grackle-circe_2.13 (>=0.15.0 <=0.17.2), org.typelevel:grackle-doobie-pg_2.13 (>=0.15.0 <=0.17.2) +3 more potentially affected by CVE-2023-50730 via org.typelevel:grackle-core_2.13 (>=0.15.0 <=0.17.2)
org.typelevel:grackle-core_2.13 MAVEN version =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.17.2 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
org.typelevel:grackle-circe_sjs1_2.13 (>=0.15.0 <=0.17.2), org.typelevel:grackle-generic_sjs1_2.13 (>=0.15.0 <=0.17.2) +2 more potentially affected by CVE-2023-50730 via org.typelevel:grackle-core_sjs1_2.13 (>=0.15.0 <=0.17.2)
org.typelevel:grackle-core_sjs1_2.13 MAVEN version =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.17.2 Source cves: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...