CVE-2025-31485
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
CVE-2025-31481
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...
Incorrect Authorization
Overview: api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configured security controls. Note:...
CVE-2025-31485 GraphQL grant on a property might be cached with different objects
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
CVE-2025-31481 GraphQL query operations security can be bypassed
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...
CVE-2025-31481
API Platform Core contains a GraphQL security bypass flaw in the Relay node type that can bypass operation-level security. Affected versions include the 4.x line prior to 4.0.22 and the 3.x line prior to 3.4.17. The CVSSv3.1 base score is 7.5 (High). Remediation: upgrade to 4.0.22 or 3.4.17 (or l...
JVN#71535108: ANA App for iOS fails to verify SSL server certificates
ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to obtain and/or alter the content of communication. Solution: Update the Application. Update to the latest version according to the...
Squid Software Foundation Squid HTTP Caching Proxy Denial of Service Vulnerability
Squid Software Foundation Squid HTTP Caching Proxy is an open source HTTP caching proxy software. A security vulnerability exists in the handling of ESI responses in Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 through 3.5.27 and 4.0 through 4.0.22. An attacker can exploit thi...