5 matches found
@atto-byte/yoga (>=0.6.0 <=0.6.6), @britishcouncil/grizzly (>=0.1.0 <=0.3.3) +22 more potentially affected by unknown CVE via graphql-shield (>=3.2.5 <=5.7.3)
graphql-shield NPM version =3.2.5, =0.6.0, =0.1.0, =1.0.2-alpha.11, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.6, =0.0.0, =0.0.1, =1.0.0, =0.0.5, =0.0.1, =0.0.2 - ustart =1.0.0 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-HX78-272P-MQQH...
Authorization Bypass in graphql-shield
Versions of graphql-shield prior to 6.0.6 are vulnerable to an Authorization Bypass. The rule caching option nocache relies on keys generated by cryptographically insecure functions, which may cause rules to be incorrectly cached. This allows attackers to access information they should not have...
GHSA-HX78-272P-MQQH Authorization Bypass in graphql-shield
Versions of graphql-shield prior to 6.0.6 are vulnerable to an Authorization Bypass. The rule caching option nocache relies on keys generated by cryptographically insecure functions, which may cause rules to be incorrectly cached. This allows attackers to access information they should not have...
Authorization Bypass
graphql-shield is vulnerable to authorization bypass. There is a flaw in the rule setting for the nocache option, which uses keys generated from insecure cryptographic functions, allowing an attacker to cause rules to be incorrectly cached and access information via key collision...
Authorization Bypass
Overview: Versions of graphql-shield prior to 6.0.6 are vulnerable to an Authorization Bypass. The rule caching option nocache relies on keys generated by cryptographically insecure functions, which may cause rules to be incorrectly cached. This allows attackers to access information they should n...