Security Advisories - silverstripe/graphql - Packagist

silverstripe/graphql Security Advisories for 5.0.0-rc1 (2)

[MEDIUM] CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries

PKSA-yqpc-bjrb-6dq8 CVE-2023-44401 GHSA-jgph-w8rh-xf5p

Affected version: >=4.0.0,<4.3.7|>=5.0.0,<5.1.3

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries

PKSA-r8b1-wm85-sfnm CVE-2023-40180 GHSA-v23w-pppm-jh66

Affected version: >=3.0.0,<3.8.2|>=4.0.0,<4.1.3|>=4.2.0,<4.2.5|>=4.3.0,<4.3.4|>=5.0.0,<5.0.3

Reported by:
GitHub, FriendsOfPHP/security-advisories