CVE-2023-34047

CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 – 1.1.5 and 1.2.0 – 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

Source: CVE-2023-34047

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다