Search criteria
9 vulnerabilities found for graphql by silverstripe
FKIE_CVE-2023-44401
Vulnerability from fkie_nvd - Published: 2024-01-23 14:15 - Updated: 2024-11-21 08:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | graphql | * | |
| silverstripe | graphql | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D22C86-D9E5-47B2-BB57-7D0E77628ED7",
"versionEndExcluding": "4.3.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0718F16-E23B-469B-B4FC-1CBA2E886DC3",
"versionEndExcluding": "5.1.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."
},
{
"lang": "es",
"value": "Silverstripe CMS GraphQL Server sirve datos de Silverstripe como representaciones GraphQL. En las versiones 4.0.0 anteriores a 4.3.7 y 5.0.0 anteriores a 5.1.3, las comprobaciones de permisos `canView` se omiten para datos ORM en resultados de consultas GraphQL paginados donde el n\u00famero total de registros es mayor que el n\u00famero de registros por p\u00e1gina. Tenga en cuenta que esto tambi\u00e9n afecta a las consultas GraphQL a las que se les aplica un l\u00edmite, incluso si la consulta no est\u00e1 paginada per se. Esto se solucion\u00f3 en las versiones 4.3.7 y 5.1.3 asegurando que no se extraigan nuevos registros de la base de datos despu\u00e9s de realizar comprobaciones de permisos \"canView\" para cada p\u00e1gina de resultados. Esto puede provocar que algunas p\u00e1ginas de los resultados de la consulta tengan menos del n\u00famero m\u00e1ximo de registros por p\u00e1gina, incluso cuando haya m\u00e1s p\u00e1ginas de resultados. Este comportamiento es consistente con c\u00f3mo funciona la paginaci\u00f3n en otras \u00e1reas de Silverstripe CMS, como en `GridField`, y es el resultado de tener que realizar comprobaciones de permisos en PHP en lugar de hacerlo directamente en la base de datos. Se pueden desactivar estas comprobaciones de permisos desactivando el complemento \"CanViewPermission\"."
}
],
"id": "CVE-2023-44401",
"lastModified": "2024-11-21T08:25:49.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-23T14:15:37.540",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-40180
Vulnerability from fkie_nvd - Published: 2023-10-16 19:15 - Updated: 2024-11-21 08:18
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | graphql | * | |
| silverstripe | graphql | * | |
| silverstripe | graphql | * | |
| silverstripe | graphql | * | |
| silverstripe | graphql | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC96AF6-9575-46F3-B73C-840E94E89FEE",
"versionEndExcluding": "3.8.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A083DC-A210-4945-B575-B844777ED2D3",
"versionEndExcluding": "4.1.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F32A73D0-E7FA-4C45-97E7-81E64AD0DBEA",
"versionEndExcluding": "4.2.5",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "186C5850-375C-408D-BDDC-C0726F618860",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D409E4EC-38CB-43BB-91F1-C79350B5CD36",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "silverstripe-graphql es un paquete que proporciona datos de Silverstripe en representaciones GraphQL. Un atacante podr\u00eda utilizar una consulta Graphql recursiva para ejecutar un ataque de Denegaci\u00f3n de Servicio Distribuido (ataque DDOS) contra un sitio web. Esto afecta principalmente a sitios web con esquemas Graphql expuestos p\u00fablicamente. Si su proyecto Silverstripe CMS no expone un esquema Graphql p\u00fablico, se requiere una cuenta de usuario para desencadenar el ataque DDOS. Si su sitio est\u00e1 alojado detr\u00e1s de una Red de Entrega de Contenido (CDN), como Imperva o CloudFlare, esto puede mitigar a\u00fan m\u00e1s el riesgo. Este problema se solucion\u00f3 en las versiones 3.8.2, 4.1.3, 4.2.5, 4.3.4 y 5.0.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-40180",
"lastModified": "2024-11-21T08:18:56.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T19:15:10.567",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28104
Vulnerability from fkie_nvd - Published: 2023-03-16 16:15 - Updated: 2024-11-21 07:54
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | graphql | 4.1.1 | |
| silverstripe | graphql | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:graphql:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF57E3F0-F64D-4656-8B9B-5299FCF2AEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:graphql:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13FF549B-58BF-4074-BB38-BFF96093495B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability."
}
],
"id": "CVE-2023-28104",
"lastModified": "2024-11-21T07:54:24.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-16T16:15:12.750",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-44401 (GCVE-0-2023-44401)
Vulnerability from cvelistv5 – Published: 2024-01-23 13:08 – Updated: 2025-06-17 21:19
VLAI?
Title
Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
Summary
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin.
Severity ?
5.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
>= 4.0.0, < 4.3.7
Affected: >= 5.0.0, < 5.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:32.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T14:40:17.307636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:26.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T13:08:34.055Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
}
],
"source": {
"advisory": "GHSA-jgph-w8rh-xf5p",
"discovery": "UNKNOWN"
},
"title": "Silverstripe GraqhQL\u0027s view permissions are bypassed for paginated lists of ORM data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44401",
"datePublished": "2024-01-23T13:08:34.055Z",
"dateReserved": "2023-09-28T17:56:32.615Z",
"dateUpdated": "2025-06-17T21:19:26.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40180 (GCVE-0-2023-40180)
Vulnerability from cvelistv5 – Published: 2023-10-16 18:05 – Updated: 2024-09-16 17:21
VLAI?
Title
Denial of service vulnerability in silverstripe-graphql via recursive queries
Summary
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
>= 3.0.0, < 3.8.2
Affected: >= 4.0.0, < 4.1.3 Affected: >= 4.2.0, < 4.2.5 Affected: >= 4.3.0, < 4.3.4 Affected: >= 5.0.0, < 5.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:21:23.949970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:21:39.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.8.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.3"
},
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.5"
},
{
"status": "affected",
"version": "\u003e= 4.3.0, \u003c 4.3.4"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T18:43:50.879Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
}
],
"source": {
"advisory": "GHSA-v23w-pppm-jh66",
"discovery": "UNKNOWN"
},
"title": "Denial of service vulnerability in silverstripe-graphql via recursive queries"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40180",
"datePublished": "2023-10-16T18:05:14.806Z",
"dateReserved": "2023-08-09T15:26:41.052Z",
"dateUpdated": "2024-09-16T17:21:39.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28104 (GCVE-0-2023-28104)
Vulnerability from cvelistv5 – Published: 2023-03-16 15:25 – Updated: 2025-02-25 14:55
VLAI?
Title
silverstripe/graphql Denial of Service vulnerability
Summary
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
= 4.1.1
Affected: = 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/pull/526",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:38.275420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:55:43.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "= 4.1.1"
},
{
"status": "affected",
"version": "= 4.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T15:25:30.551Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/pull/526",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
}
],
"source": {
"advisory": "GHSA-67g8-c724-8mp3",
"discovery": "UNKNOWN"
},
"title": "silverstripe/graphql Denial of Service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28104",
"datePublished": "2023-03-16T15:25:30.551Z",
"dateReserved": "2023-03-10T18:34:29.226Z",
"dateUpdated": "2025-02-25T14:55:43.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44401 (GCVE-0-2023-44401)
Vulnerability from nvd – Published: 2024-01-23 13:08 – Updated: 2025-06-17 21:19
VLAI?
Title
Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
Summary
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin.
Severity ?
5.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
>= 4.0.0, < 4.3.7
Affected: >= 5.0.0, < 5.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:32.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T14:40:17.307636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:26.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T13:08:34.055Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"
}
],
"source": {
"advisory": "GHSA-jgph-w8rh-xf5p",
"discovery": "UNKNOWN"
},
"title": "Silverstripe GraqhQL\u0027s view permissions are bypassed for paginated lists of ORM data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44401",
"datePublished": "2024-01-23T13:08:34.055Z",
"dateReserved": "2023-09-28T17:56:32.615Z",
"dateUpdated": "2025-06-17T21:19:26.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40180 (GCVE-0-2023-40180)
Vulnerability from nvd – Published: 2023-10-16 18:05 – Updated: 2024-09-16 17:21
VLAI?
Title
Denial of service vulnerability in silverstripe-graphql via recursive queries
Summary
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
>= 3.0.0, < 3.8.2
Affected: >= 4.0.0, < 4.1.3 Affected: >= 4.2.0, < 4.2.5 Affected: >= 4.3.0, < 4.3.4 Affected: >= 5.0.0, < 5.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:21:23.949970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:21:39.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.8.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.3"
},
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.5"
},
{
"status": "affected",
"version": "\u003e= 4.3.0, \u003c 4.3.4"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T18:43:50.879Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
},
{
"name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
}
],
"source": {
"advisory": "GHSA-v23w-pppm-jh66",
"discovery": "UNKNOWN"
},
"title": "Denial of service vulnerability in silverstripe-graphql via recursive queries"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40180",
"datePublished": "2023-10-16T18:05:14.806Z",
"dateReserved": "2023-08-09T15:26:41.052Z",
"dateUpdated": "2024-09-16T17:21:39.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28104 (GCVE-0-2023-28104)
Vulnerability from nvd – Published: 2023-03-16 15:25 – Updated: 2025-02-25 14:55
VLAI?
Title
silverstripe/graphql Denial of Service vulnerability
Summary
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silverstripe | silverstripe-graphql |
Affected:
= 4.1.1
Affected: = 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/pull/526",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:38.275420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:55:43.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "silverstripe-graphql",
"vendor": "silverstripe",
"versions": [
{
"status": "affected",
"version": "= 4.1.1"
},
{
"status": "affected",
"version": "= 4.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T15:25:30.551Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/pull/526",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/526"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2"
},
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3"
}
],
"source": {
"advisory": "GHSA-67g8-c724-8mp3",
"discovery": "UNKNOWN"
},
"title": "silverstripe/graphql Denial of Service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28104",
"datePublished": "2023-03-16T15:25:30.551Z",
"dateReserved": "2023-03-10T18:34:29.226Z",
"dateUpdated": "2025-02-25T14:55:43.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}