101 matches found

Github Security Blog
added 2023/03/27 3:30 a.m. · 30 views

GraphQL Java vulnerable to stack consumption

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.2 AI score · 0.00131 EPSS
Exploits 0 · References 7 · Affected Software 1

NVD
added 2023/03/27 1:15 a.m. · 13 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.4 AI score · 0.00131 EPSS
Exploits 0 · References 5

OSV
added 2023/03/27 1:15 a.m. · 19 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 CVSS · 7.6 AI score
Exploits 0 · References 5

Prion
added 2023/03/27 1:15 a.m. · 23 views

Design/Logic Flaw

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

5 CVSS · 7.3 AI score · 0.00131 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2023/03/27 12:0 a.m. · 1 views

PT-2023-22016 · Unknown · Graphql-Java

Name of the Vulnerable Software and Affected Versions: graphql-java versions prior to 20.1; graphql-java versions prior to 19.4; graphql-java versions prior to 18.4; graphql-java versions prior to 17.5. Description: An attacker can send a crafted GraphQL query that causes stack consumption. The issue...

7.5 CVSS · 6.1 AI score · 0.00131 EPSS
Exploits 0 · References 15

Cvelist
added 2023/03/27 12:0 a.m. · 16 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.5 AI score · 0.00131 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/03/27 12:0 a.m. · 10 views

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

7.4 AI score · 0.00131 EPSS
Exploits 0 · References 5

CNNVD
added 2023/03/26 12:0 a.m. · 1 views

GraphQL Java Security Vulnerability

GraphQL Java is an open source Java implementation of GraphQL, a query language and server-side runtime for application programming interfaces (APIs). A security vulnerability exists in versions of GraphQL Java prior to 20.1 that stems from an attacker's ability to send crafted GraphQL...

7.5 CVSS · 6.6 AI score · 0.00131 EPSS
Exploits 0 · References 11

IBM Security Bulletins
added 2023/02/24 1:15 p.m. · 52 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Standard

Summary: WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-37734. DESCRIPTION: GraphQL Java is...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/02/24 1:8 p.m. · 66 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Advanced

Summary: WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-37734. DESCRIPTION: GraphQL Java is...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/02/02 4:8 a.m. · 101 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.

Summary: IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...

7.5 CVSS · 7 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 5

IBM Security Bulletins
added 2023/01/25 8:45 p.m. · 43 views

Security Bulletin: Vulnerability in GraphQL Java may affect IBM Robotic Process Automation and result in a denial of service (CVE-2022-37734)

Summary: There is a vulnerability in the Java used by IBM Robotic Process Automation as part of its infrastructure, license management and UMS which may result in a denial of service. CVE-2022-37734. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/01/20 1:37 p.m. · 29 views

Security Bulletin: Liberty is vulnerable to denial of service due to GraphQL Java affecting IBM TXSeries for Multiplatforms

Summary: Liberty is vulnerable to a denial of service due to GraphQL Java mpGraphQL-1.0 or mpGraphQL-2.0 caused by an uncontrolled resource consumption flaw. This affects WebSphere Application Server Liberty versions 17.0.0.3 - 22.0.0.11 used by IBM TXSeries for Multiplatforms. IBM TXSeries for...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/12/23 4:54 a.m. · 39 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java CVE-2022-37734

Summary: The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java, affected features are mpGraphQL-1.0 or mpGraphQL-2.0. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/12/20 5:27 p.m. · 30 views

Security Bulletin: GraphQL Denial of Service security vulnerability CVE-2022-37734

Summary: GraphQL has a Denial of Service security vulnerability CVE-2022-37734 in GraphQL-java. Vulnerability Details: CVEID: CVE-2022-37734. DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request usin...

7.5 CVSS · 7.4 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

RedHat Linux
added 2022/12/14 1:15 p.m. · 3 views

graphql-java: DoS by malicious query

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5 CVSS · 6 AI score · 0.01191 EPSS
Exploits 1 · References 4

IBM Security Bulletins
added 2022/12/13 1:10 a.m. · 30 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-24839, CVE-2022-37734, CVE-2022-34165)

Summary: IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-24839. DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial o...

7.5 CVSS · 6.7 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/12/08 6:3 a.m. · 27 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. (CVE-2022-37734)

Summary: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker...

7.5 CVSS · 7.4 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/12/05 4:44 p.m. · 37 views

Security Bulletin: Vulnerability in GraphQL Java affects IBM Event Streams (CVE-2022-37734)

Summary: There is a vulnerability in GraphQL Java that is used by IBM Event Streams. Vulnerability Details: CVEID: CVE-2022-37734. DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directiv...

7.5 CVSS · 7.2 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/11/17 6:1 p.m. · 27 views

Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)

Summary: There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Application Server Liberty, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addresse...

7.5 CVSS · 7.3 AI score · 0.01191 EPSS
Exploits 1 · Affected Software 1