silverstripe/graphql Security Advisories (8)
- [MEDIUM] CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries
  PKSA-yqpc-bjrb-6dq8, CVE-2023-44401, GHSA-jgph-w8rh-xf5p
  Affected version: >=4.0.0,<4.3.7|>=5.0.0,<5.1.3
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries
  PKSA-r8b1-wm85-sfnm, CVE-2023-40180, GHSA-v23w-pppm-jh66
  Affected version: >=3.0.0,<3.8.2|>=4.0.0,<4.1.3|>=4.2.0,<4.2.5|>=4.3.0,<4.3.4|>=5.0.0,<5.0.3
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] CVE-2023-28104 DDOS attack on graphql endpoints
  PKSA-7g12-9p45-n9wk, CVE-2023-28104, GHSA-67g8-c724-8mp3
  Affected version: >=4.1.1,<4.1.2|>=4.2.2,<4.2.3
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth
  PKSA-qjqs-6v6h-ygd5, CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
  Affected version: >=3.0.0,<3.5.0|>=4.0.0-alpha1,<4.0.0-alpha2
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass
  PKSA-xsgp-6qh9-44d8, CVE-2021-28661, GHSA-r7rh-g777-g5gx
  Affected version: >=3.0.0,<3.5.2
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2020-6165: Limited queries break CanViewPermissionChecker
  PKSA-rgqh-7gmx-d8s5, CVE-2020-6165, GHSA-589q-75r3-mfq4
  Affected version: >=3.2.0,<3.2.4
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL
  PKSA-34zg-y8wx-jgc2, CVE-2019-12437, GHSA-fx37-56v6-85q6
  Affected version: >=2.0.0,<2.0.5|>=3.0.0,<3.1.2|>=3.1.0,<3.1.2
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] SS-2018-007: CSRF vulnerability in graphql
  PKSA-c7x9-smqg-qmjv, GHSA-wjg9-v8cf-f5q2
  Affected version: >=2.0.0,<2.0.3
  Reported by: GitHub, FriendsOfPHP/security-advisories