CVE-2022-39275 Saleor is a GraphQL platform that was affected by a vulnerability that allowed access to data that should only be accessible to the user who is authenticated.
We would also like to announce that our security team has recently discovered another issue related to the GraphQL API. This new issue, discovered by
CVE-2022-37734 GraphQL is vulnerable to DoS. An attacker can send a malicious query that consumes CPU resources.
An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4,
CVE-2022-31173 Juniper is a GraphQL server library for Rust that is vulnerable to uncontrolled recursion that can lead to a program crash. Upgrading to version 0.15.10 is recommended.
All users are advised to upgrade to version 0.15.10. Affected versions are Juniper, Juniper, Juniper (Juniper). This security advisory will be updated when more
CVE-2022-25863 The gatsby-plugin-mdx package from 3.0.0 and 3.15.2 is vulnerable to Deserialization of Untrusted Data due to default configurations that are missing input sanitization.
Previously, it was possible to trigger a Denial of Service (DoS) in the plugin via a specially crafted MDX file, by passing a large number