Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching
Vulnerability Description
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an unauthenticated attacker to send a single HTTP request many operations (bypassing the per query complexity limit) to exhaust resources. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
saleor 安全漏洞
Vulnerability Description
saleor是Saleor Commerce开源的一个接口软件。 saleor 3.23.0a3之前版本、3.22.47之前版本、3.21.54之前版本和3.20.118之前版本存在安全漏洞,该漏洞源于未对GraphQL批处理操作数量设置上限,可能导致资源耗尽。
CVSS Information
N/A
Vulnerability Type
N/A