13 matches found
CVE-2026-6617 langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function getapitoolproviderremoteschema of the file api/services/tools/apitoolsmanageservice.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side...
CVE-2026-6617 langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function getapitoolproviderremoteschema of the file api/services/tools/apitoolsmanageservice.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side...
EUVD-2021-34744
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715
Hasura GraphQL Engine 1.3.3 is exposed to a server-side request forgery via the add_remote_schema endpoint. The underlying issue allows injection of arbitrary remote schema URLs by crafting POST requests to /v1/query, potentially enabling access to internal network resources. Affected component: ...
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
PT-2025-52691
Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description A server-side request forgery issue exists in Hasura GraphQL. Attackers can inject arbitrary remote schema URLs through the add remote schema endpoint. Exploitation involves sending crafted POST request...
Hasura GraphQL Engine 代码问题漏洞
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A code issue vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from a remote schema URL injection that could lead to server-side request forgery...
Cache Poisoning
check-jsonschema is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of schema caching, where the basename of a remote schema URL is used as the cache filename. This allows attackers to insert malicious schemas into the cache via schema URL conflicts, potentially causi...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview check-jsonschema is an A jsonschema CLI and pre-commit hook Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data via the default caching mechanism for remote schemas. An attacker can manipulate the cache to insert a malicious schem...
check-jsonschema 安全漏洞
check-jsonschema is a Python + JSON Schema open source CLI for jsonschema validation. A security vulnerability exists in check-jsonschema that stems from a default caching policy that uses the base name of a remote schema as the name of a file in the cache, e.g...