Security Advisories - silverstripe/graphql - Packagist

silverstripe/graphql Security Advisories for 3.4.0-rc1 (3)

[HIGH] CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries

PKSA-r8b1-wm85-sfnm CVE-2023-40180 GHSA-v23w-pppm-jh66

Affected version: >=3.0.0,<3.8.2|>=4.0.0,<4.1.3|>=4.2.0,<4.2.5|>=4.3.0,<4.3.4|>=5.0.0,<5.0.3

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth

PKSA-qjqs-6v6h-ygd5 CVE-2020-26136 GHSA-mg2g-8pwj-r2j2

Affected version: >=3.0.0,<3.5.0|>=4.0.0-alpha1,<4.0.0-alpha2

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass

PKSA-xsgp-6qh9-44d8 CVE-2021-28661 GHSA-r7rh-g777-g5gx

Affected version: >=3.0.0,<3.5.2

Reported by:
GitHub, FriendsOfPHP/security-advisories