
11 matches found

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-9737

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.0014
Exploits: 0, References: 6
RedhatCVE
added 2025/04/05 7:28 p.m., 19 views

CVE-2025-31481

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

CVSS 7.5, AI score 6.8, EPSS 0.0014
Exploits: 0, References: 1
Github Security Blog
added 2025/04/04 2:07 p.m., 43 views

GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations (PHP): #[ApiResource(security: "is_granted('ROLE_USER')", operations: [ /* ... */ ], graphQlOperations: [new...

CVSS 7.5, AI score 7.4, EPSS 0.0014
Exploits: 0, References: 9, Affected Software: 2
OSV
added 2025/04/04 2:07 p.m., 14 views

GHSA-CG3C-245W-728M GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations (PHP): #[ApiResource(security: "is_granted('ROLE_USER')", operations: [ /* ... */ ], graphQlOperations: [new...

CVSS 7.5, AI score 7.4, EPSS 0.0014
Exploits: 0, References: 9
NVD
added 2025/04/03 8:15 p.m., 10 views

CVE-2025-31481

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

CVSS 7.5, EPSS 0.0014
Exploits: 0, References: 4
Snyk
added 2025/04/03 7:42 p.m., 1 views

Incorrect Authorization

Overview: api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...

CVSS 7.5, AI score 6.9, EPSS 0.0014
Exploits: 0, References: 2
Snyk
added 2025/04/03 7:42 p.m., 1 views

Incorrect Authorization

Overview: api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configured security controls. Note:...

CVSS 7.5, AI score 7, EPSS 0.0014
Exploits: 0, References: 2
CVE
added 2025/04/03 7:20 p.m., 86 views

CVE-2025-31481

API Platform Core contains a GraphQL security bypass flaw in the Relay node type that can bypass operation-level security. Affected versions include the 4.x line prior to 4.0.22 and the 3.x line prior to 3.4.17. The CVSSv3.1 base score is 7.5 (High). Remediation: upgrade to 4.0.22 or 3.4.17 (or l...

CVSS 7.5, AI score 7.4, EPSS 0.0014
Exploits: 0, References: 4
Positive Technologies
added 2025/04/03 12:00 a.m., 3 views

PT-2025-14792

Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22. Description: The issue allows bypassing configured security on an operation using the Relay special node type in hypermedia-driven REST and GraphQL APIs. Recommendations: For versions prior to 4.0.22,...

CVSS 7.5, AI score 6.6, EPSS 0.0014
Exploits: 0, References: 18
CNNVD
added 2025/04/03 12:00 a.m., 3 views

API Platform Core security vulnerability

API Platform Core is a server component of API Platform open source by API Platform. A security vulnerability exists in API Platform Core versions prior to 4.0.21, which stems from a Relay special node type that can bypass security configuration...

CVSS 7.5, AI score 6.4, EPSS 0.0014
Exploits: 0, References: 5
Veracode
added 2025/01/14 6:24 a.m., 10 views

Type Confusion

strawberrygraphql is vulnerable to Type Confusion. The vulnerability is due to improper handling of GraphQL types when multiple types are mapped to the same underlying model while using the relay node interface, which allows an attacker to exploit type confusion to access or manipulate data from...

CVSS 3.7, AI score 6.7, EPSS 0.00244
Exploits: 0, References: 4, Affected Software: 1