Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saleor has a resource exhaustion vulnerability in GraphQL queries
Vulnerability Description
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
saleor 安全漏洞
Vulnerability Description
saleor是Saleor Commerce开源的一个接口软件。 Saleor 2.0.0至3.23.0a3之前版本、3.22.47之前版本、3.21.54之前版本和3.20.118之前版本存在安全漏洞,该漏洞源于恶意行为者可在单个API调用中包含大量GraphQL操作,可能导致资源耗尽。
CVSS Information
N/A
Vulnerability Type
N/A