9 matches found
EUVD-2025-12540
Malicious code in bioql PyPI...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +49 more potentially affected by unknown CVE via @escape.tech/graphql-armor-max-depth (>=2.0.0 <=2.4.1)
@escape.tech/graphql-armor-max-depth NPM version =2.0.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =2.0.0, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-ESCAPETECHGRAPHQLARMORMAXDEPTH-12219956...
Allocation of Resources Without Limits or Throttling
Overview @escape.tech/graphql-armor-max-depth is a Limit the depth allowed in a GraphQL query. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function. An attacker can cause excessive resource consumption by crafting...
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
GHSA-HMFR-RX46-4JX2 GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +65 more potentially affected by unknown CVE via @escape.tech/graphql-armor-cost-limit (>=1.7.0 <=2.4.1)
@escape.tech/graphql-armor-cost-limit NPM version =1.7.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =1.0.6, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-733V-P3H5-QPQ7...
GHSA-733V-P3H5-QPQ7 GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...
PT-2025-19360 · Npm · @Escape.Tech/Graphql-Armor-Cost-Limit
Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...