Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-28104

Published: 16/03/2023 Updated: 22/03/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Graphql

Vulnerability Summary

`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.

Vulnerable Product Search on Vulmon Subscribe to Product

silverstripe graphql 4.1.1

silverstripe graphql 4.2.2

References

CWE-770https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2https://github.com/silverstripe/silverstripe-graphql/pull/526https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook