`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-16T15:25:30.551Z
Updated: 2024-08-02T12:30:24.268Z
Reserved: 2023-03-10T18:34:29.226Z
Link: CVE-2023-28104
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-16T16:15:12.750
Modified: 2024-11-21T07:54:24.717
Link: CVE-2023-28104
Redhat
No data.