10 matches found
EUVD-2024-0378
Malicious code in bioql PyPI...
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
Permission Bypass
silverstripe/graphql is vulnerable to Permission Bypass. The vulnerability is due to ORM data in paginated GraphQL queries when the total number of records exceeded the page size. This allows attacker unauthorized access to data beyond the intended permission scope...
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
CVE-2023-44401
The CVE-2023-44401 issue affects the Silverstripe GraphQL Server. In Silverstripe CMS versions 4.0.0–4.3.7 and 5.0.0–5.1.2, canView permission checks can be bypassed for ORM data in paginated GraphQL query results where total records exceed a page size (including queries with explicit limits). Th...
GHSA-JGPH-W8RH-XF5P View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...
View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...
CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...