Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of data and identity to wrong session in Spring for GraphQL
Vulnerability Description
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Spring GraphQL 安全漏洞
Vulnerability Description
Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring GraphQL 1.1.0 到 1.1.5 和 1.2.0 到 1.2.2版本存在安全漏洞,该漏洞源于 batch loader函数可能会向 GraphQL 上下文公开来自不同会话的值,包括安全上下文值,如果应用程序在通过 DefaultBatchLoaderRegistry 注册批量加载器函数时提供 DataLoaderOptions 实例,则该应用
CVSS Information
N/A
Vulnerability Type
N/A