CVE-2024-4472 - GitLab Dependency Proxy Credentials Leak via GraphQL Logs — In-Depth Analysis and Exploit Example
In June 2024, GitLab disclosed a sensitive security issue, now tracked as CVE-2024-4472. If you use GitLab's Dependency Proxy
CVE-2024-34152 - Exploiting Mattermost Playbook Metadata Leak via RHSRuns GraphQL Query
In May 2024, a significant vulnerability was found in Mattermost, a popular self-hosted messaging platform used by many businesses and open-source communities. Cataloged as CVE-2024-34152,
CVE-2024-32971 - Apollo Router Cache Bug Can Execute Wrong Operations (Explained, With Exploit Scenario)
CVE-2024-32971 is a recently disclosed vulnerability in Apollo Router, a popular Rust-based graph router used to run federated supergraphs with Apollo Federation 2. This bug
CVE-2024-28101 - How Highly Compressed HTTP Payloads Could Crash Your Apollo Router—and How to Fix It
If you use Apollo Router, you should pay close attention to CVE-2024-28101. This newly disclosed Denial-of-Service (DoS) vulnerability could let attackers eat up tons of
CVE-2023-23684 - Unpacking the WPGraphQL SSRF Vulnerability (From n/a through 1.14.5)
The WordPress ecosystem never sleeps—and neither do bad actors looking for vulnerable plugins. One such high-profile security problem is CVE-2023-23684, a Server-Side Request Forgery