CVE-2023-25575

API Platform Core (server component) has a vulnerability where resource properties secured with ApiProperty security can be disclosed to unauthorized users in collection endpoints. The issue affects most serialization formats (JSON by default) but not JSON-LD, and only the first item’s rule resul...

CVE-2019-1000011

CVE-2019-1000011 affects API Platform core (PHP) 2.2.0–2.3.5, due to an Incorrect Access Control flaw in GraphQL delete mutations. The vulnerability allows a user who is authorized to delete a resource to delete any resource. The issue’s impact and existence are documented in multiple sources (in...