3 matches found
CVE-2023-28104
CVE-2023-28104 affects silverstripe/graphql. In versions 4.2.2 and 4.1.1, a specially crafted GraphQL query could cause a denial-of-service against websites with publicly exposed GraphQL endpoints, especially those with large/complex schemas. Impact is denial of service affecting availability; re...
CVE-2023-40180
The CVE-2023-40180 issue affects silverstripe-graphql, where publicly exposed GraphQL schemas can be abused by recursive queries to trigger a Denial of Service. The root cause is lack of validation for recursive/complex queries, enabling high-resource consumption on affected sites (especially wit...
CVE-2023-44401
The CVE-2023-44401 issue affects the Silverstripe GraphQL Server. In Silverstripe CMS versions 4.0.0–4.3.7 and 5.0.0–5.1.2, canView permission checks can be bypassed for ORM data in paginated GraphQL query results where total records exceed a page size (including queries with explicit limits). Th...