漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GraphQL query operations security can be bypassed
Vulnerability Description
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
API Platform Core 安全漏洞
Vulnerability Description
API Platform Core是API Platform开源的一个 API Platform 的服务器组件。 API Platform Core 4.0.21之前版本存在安全漏洞,该漏洞源于Relay特殊节点类型可绕过安全配置。
CVSS Information
N/A
Vulnerability Type
N/A