<div class="md:p-8 p-5 dark:bg-gray-800 bg-white rounded-t">
<div class="px-4 flex items-center justify-between">
<span tabindex="0" class="focus:outline-none text-base font-bold dark:text-gray-100 text-gray-800">October 2020</span>
<div class="flex items-center">
<button aria-label="calendar forward" class="flip-180 focus:text-gray-400 hover:text-gray-400 text-gray-800 dark:text-gray-100">
<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-chevron-left" width="24" height="24" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round" data-darkreader-inline-stroke="" style="--darkreader-inline-stroke:currentColor;">
<path stroke="none" d="M0 0h24v24H0z" fill="none" data-darkreader-inline-stroke="" style="--darkreader-inline-stroke:none;"></path>
**********************************************************************
CVE-2023-49559 - gqlparser < 2.5.13 directive overload denial of service
Credit: Yuval Moravchick, Security Researcher @ Cato Networks
**********************************************************************
The gqlparser library used by the gqlgen GraphQL server was found vulnerable to a directive overload that can cause system resource exhaustion.
Since there is no limit on the number of directives that can be supplied inside the GraphQL query in an HTTP request,
adding a large number of non-existent directives significantly increases the processing time of the query and the size of the response, so sending many such requests concurrently can cause a DoS condition on the server.
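A defender-side guard for the weakness the advisory describes (no bound on the number of directives in a request), added here as an example and not code from gqlparser, gqlgen or the researcher: it counts directive applications in the raw document and rejects oversized requests before the parser and validator spend time on them. The limit of 50, the sample query and the function names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// CountDirectives counts directive applications ("@name") in a raw GraphQL
// document, skipping '@' inside comments, strings and block strings.
func CountDirectives(query string) int {
	n := 0
	for i := 0; i < len(query); {
		switch {
		case query[i] == '#': // comment runs to end of line (or end of document)
			i += strings.IndexByte(query[i:]+"\n", '\n')
		case strings.HasPrefix(query[i:], `"""`): // block string
			end := strings.Index(query[i+3:], `"""`)
			if end < 0 {
				return n // unterminated block string
			}
			i += end + 6
		case query[i] == '"': // plain string, honour backslash escapes
			for i++; i < len(query) && query[i] != '"'; i++ {
				if query[i] == '\\' {
					i++
				}
			}
			i++
		case query[i] == '@':
			n++
			fallthrough
		default:
			i++
		}
	}
	return n
}

// CheckDirectiveBudget rejects a document over the limit before the parser sees it.
func CheckDirectiveBudget(query string, limit int) error {
	if n := CountDirectives(query); n > limit {
		return fmt.Errorf("query has %d directives, limit is %d", n, limit)
	}
	return nil
}

func main() {
	abusive := "{ me { id " + strings.Repeat("@bogus ", 200) + "} }" // constructed sample
	fmt.Println(CheckDirectiveBudget(abusive, 50)) // 50 is an assumed ceiling; tune per schema
}
```

Run the check in the HTTP handler ahead of parsing; it is a cheap bound on attacker-controlled work, not a replacement for upgrading to a fixed gqlparser release.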