EUVD-2023-1505

Malicious code in bioql PyPI...

CVE-2023-31135

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

CVE-2023-31135

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

Design/Logic Flaw

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

Dgraph Audit Log Encryption Vulnerability

Impact Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...

GHSA-92WQ-Q9PQ-GW47 Dgraph Audit Log Encryption Vulnerability

Impact Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...

CVE-2023-31135

CVE-2023-31135 affects Dgraph audit logs due to nonce collisions in the log encryption scheme. The first 12 bytes come from a baseIv, and the last 4 bytes from the log line length; because log lines often share the same length, nonces are reused. All audit logs generated by versions

CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

PT-2023-23169 · Dgraph · Dgraph

Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to v23.0.0 Description: Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is...