20 matches found
EUVD-2021-2253
Malware in sbrugna...
EUVD-2021-1357
Malware in sbrugna...
EUVD-2023-0897
Malicious code in bioql PyPI...
CVE-2023-28104
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2020-26136
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...
Cross Site Request Forgery (CSRF)
silverstripe/graphql is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to the lack of CSRF protection, allowing authenticated users to unwittingly trigger GET requests that can modify or delete data on the server...
Permission Bypass
silverstripe/graphql is vulnerable to Permission Bypass. The vulnerability is due to ORM data in paginated GraphQL queries when the total number of records exceeded the page size. This allows attacker unauthorized access to data beyond the intended permission scope...
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
Distributed Denial Of Service (DDoS)
silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allowing an attacker to send recursive queries into the system...
Design/Logic Flaw
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
Cross-Site Request Forgery (CSRF)
silverstripe/graphql is vulnerable to cross-site request forgery CSRF. The code change that implements CSRF protection on GraphQL mutation queries does not adequately verify the authenticity of requests on GraphQL endpoints. A GraphQL query formed with a fragment portion before the mutation would...