6 matches found
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286
CVE-2026-33286 (Graphiti) affects Graphiti prior to 1.10.2. The vulnerability arises because Graphiti::Util::ValidationResponse#all_valid? calls model.send(name) using relationship names directly from user-supplied JSONAPI payloads during write operations (create/update/delete) without validating...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
GHSA-3M5V-4XP5-GJG2 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...