Silverstripe

Graphql

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-44401

  • EPSS 0.19%
  • Veröffentlicht 23.01.2024 14:15:37
  • Zuletzt bearbeitet 21.11.2024 08:25:49

The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the tot...

7.5

CVE-2023-40180

  • EPSS 0.59%
  • Veröffentlicht 16.10.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:18:56

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websi...

7.5

CVE-2023-28104

  • EPSS 0.64%
  • Veröffentlicht 16.03.2023 16:15:12
  • Zuletzt bearbeitet 21.11.2024 07:54:24

`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed grap...