Silverstripe Silverstripe-Graphql vulnerabilities
3 known vulnerabilities affecting silverstripe/silverstripe-graphql.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH: 2, MEDIUM: 1
Vulnerabilities
CVE-2023-44401 | MEDIUM | CVSS 5.3 | affected: >= 4.0.0, < 4.3.7; >= 5.0.0, < 5.1.3 | published 2024-01-23
CVE-2023-44401 [MEDIUM] CWE-863 Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number
Source: cvelistv5
CVE-2023-40180 | HIGH | CVSS 7.5 | affected: >= 3.0.0, < 3.8.2; >= 4.0.0, < 4.1.3 (+3 more) | published 2023-10-16
CVE-2023-40180 [HIGH] CWE-400 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe
Source: cvelistv5
CVE-2023-28104 | HIGH | CVSS 7.5 | affected: = 4.1.1; = 4.2.2 | published 2023-03-16
CVE-2023-28104 [HIGH] CWE-770 silverstripe/graphql Denial of Service vulnerability
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade
Source: cvelistv5