Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe graphql vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
7.5
CVSSv3
CVE-2023-28104
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affe...
Silverstripe Graphql 4.1.1
Silverstripe Graphql 4.2.2
6.5
CVSSv3
CVE-2020-26136
In SilverStripe up to and including 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Silverstripe Silverstripe 4.6.0
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 before 4.3.7 and 5.0.0 before 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater th...
Silverstripe Graphql
5.3
CVSSv3
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started