CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure
Keep in mind that setting up tasks to read config files is a best practice and not a hard requirement. It’s recommended to do
CVE-2022-41876: Insecure Storage of Sensitive Information in ezplatform-graphql Prior to Versions 2.3.12 and 1..13
ezplatform-graphql is a popular GraphQL server implementation used in Ibexa DXP and Ibexa Open Source. Unfortunately, in versions prior to 2.3.12 and 1.
CVE-2022-39382 - Keystone Headless CMS NODE_ENV Vulnerability in Production Builds
Keystone is a popular headless CMS built on top of Node.js, leveraging the power of GraphQL and React for fast and efficient content management.
CVE-2022-39275 Saleor is a GraphQL platform that was affected by a vulnerability that allowed access to data that should only be accessible to the user who is authenticated.
We would also like to announce that our security team has recently discovered another issue related to the GraphQL API. This new issue, discovered by
CVE-2022-37734 GraphQL is vulnerable to DoS. An attacker can send a malicious query that consumes CPU resources.
An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4,