`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-16T15:25:30.551Z

Updated: 2024-08-02T12:30:24.268Z

Reserved: 2023-03-10T18:34:29.226Z

Link: CVE-2023-28104

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-16T16:15:12.750

Modified: 2024-11-21T07:54:24.717

Link: CVE-2023-28104

cve-icon Redhat

No data.