Lucene search
+L

8 matches found

Veracode
Veracode
added 2025/09/23 9:54 a.m.5 views

Query Depth Restriction Bypass

@escape.tech/graphql-armor-max-depth is vulnerable to query depth restriction bypass. The vulnerability is due to the ignoreIntrospection option being enabled by default, which allows an attacker to bypass the max-depth restriction by naming a query or fragment schema...

7AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/09/23 8:44 a.m.7 views

Allocation Of Resources Without Limits

@escape.tech/graphql-armor-max-depth is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper introspection handling because when ignoreIntrospection is enabled the default, an attacker can name a query/fragment schema to evade max-depth checks and craft...

7AI score
Exploits0
OSV
OSV
added 2025/08/26 6:45 p.m.18 views

GHSA-224P-V68G-5G8F GraphQL Armor Max-Depth Plugin Bypass via fragment caching

Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...

5.3CVSS7.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/26 6:45 p.m.12 views

GraphQL Armor Max-Depth Plugin Bypass via fragment caching

Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...

7.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:42 p.m.14 views

GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation

Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/26 6:42 p.m.9 views

GHSA-HMFR-RX46-4JX2 GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation

Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...

5.3CVSS7AI score
Exploits0References4
Veracode
Veracode
added 2025/05/02 5:29 a.m.12 views

Restriction Bypass

@escape.tech/graphql-armor-cost-limit is vulnerable to Restriction bypass. The vulnerability is due to the default enabling of the ignoreIntrospection setting in GraphQL servers, which fails to enforce query cost restrictions when a query or fragment is named schema, allows attackers to bypass co...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.4 views

PT-2025-19360 · Npm · @Escape.Tech/Graphql-Armor-Cost-Limit

Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

5.3CVSS7.1AI score
Exploits0References5
Rows per page
Query Builder