| CVE | CVE-2023-28104 |
| CVE Title | |
| Published Date | 2023-03-16T16:15Z |
| Modified Date | 2023-03-16T18:40Z |
| CWE Type | CWE-770 |
| Description | `silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability. |
| References | |
| By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
| Reference URL | https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3 |
| Reference Description | MISC https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3 |
| Reference URL | https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2 |
| Reference Description | MISC https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2 |
| Reference URL | https://github.com/silverstripe/silverstripe-graphql/pull/526 |
| Reference Description | MISC https://github.com/silverstripe/silverstripe-graphql/pull/526 |
| Reference URL | https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3 |
| Reference Description | MISC https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3 |
| Sources | NIST MITRE |
Note
- No CVSS data for this CVE