
5 matches found

OSV
added 2026/05/05 9:51 p.m., 2 views

GHSA-3H96-34P3-XM76 GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens

GraphQL-Ruby's `max_query_string_tokens` configuration didn't count comment tokens against the limit, allowing strings to be processed even after the configured maximum had actually been reached. In patched versions, the Ruby lexer does count these tokens. GraphQL-CParser is not affected by this...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
Github Security Blog
added 2026/05/05 9:51 p.m., 5 views

GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens

GraphQL-Ruby's `max_query_string_tokens` configuration didn't count comment tokens against the limit, allowing strings to be processed even after the configured maximum had actually been reached. In patched versions, the Ruby lexer does count these tokens. GraphQL-CParser is not affected by this...

5.8AI score
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2026/05/05 9:51 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: graphql is a plain-Ruby implementation of GraphQL. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper counting of comment tokens in the `max_query_string_tokens` configuration. An attacker can cause excessive resource...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
Code423n4
added 2022/09/12 12:0 a.m., 12 views

Unbounded Loop

Lines of code. Vulnerability details. 🎨 Category: Denial of Service. 💥 Impact: If the number of tokensReceived gets too big, the transaction's gas cost could exceed the block gas limit and make it impossible to call previewRedeem at all. 📝 Proof of Concept: previewRedeem function iterates over all...

6.8AI score
Exploits: 0
Hacker One
added 2021/12/30 8:45 a.m., 12 views

Cosmos: Race condition in faucet when using starport

Hi team, I and Aditya sent this bug over email on Wed, 29 Dec, 17:45 IST. Later we noticed that security reports are accepted via the HackerOne program. So, I am sending a copy of the bug report here. Summary: We were testing an application and we found a race condition bug in the faucet...

7.1AI score
Exploits: 0