Security
Headlines

Headlines Latest CVEs

Headline

GHSA-9pv7-vfvm-6vr7: graphql Uncontrolled Resource Consumption vulnerability

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

1 year ago

#vulnerability #dos #git

graphql Uncontrolled Resource Consumption vulnerability

Moderate severity GitHub Reviewed Published Sep 20, 2023 to the GitHub Advisory Database • Updated Sep 21, 2023

Related news

CVE-2023-26144: OverlappingFieldsCanBeMergedRule: Fix performance degradation (#3958) · graphql/graphql-js@f94b511

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.

1 year ago

#vulnerability #dos #js #git

ghsa: Latest News

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

7 hours ago

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

1 day ago

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

3 days ago

GHSA-9pp6-wq8c-3w2c: Gogs allows argument injection during the previewing of changes

3 days ago

GHSA-ccqv-43vm-4f3w: Gogs allows deletion of internal files

3 days ago