CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.0%

CVSS Severity

CVSS v3 Score 3.1

References

Products affected by CVE-2023-34047

Vmware » Spring For Graphql » Version: 1.1.0

cpe:2.3:a:vmware:spring_for_graphql:1.1.0
Vmware » Spring For Graphql » Version: 1.1.1

cpe:2.3:a:vmware:spring_for_graphql:1.1.1
Vmware » Spring For Graphql » Version: 1.1.2

cpe:2.3:a:vmware:spring_for_graphql:1.1.2
Vmware » Spring For Graphql » Version: 1.1.3

cpe:2.3:a:vmware:spring_for_graphql:1.1.3
Vmware » Spring For Graphql » Version: 1.1.4

cpe:2.3:a:vmware:spring_for_graphql:1.1.4
Vmware » Spring For Graphql » Version: 1.1.5

cpe:2.3:a:vmware:spring_for_graphql:1.1.5
Vmware » Spring For Graphql » Version: 1.2.0

cpe:2.3:a:vmware:spring_for_graphql:1.2.0
Vmware » Spring For Graphql » Version: 1.2.1

cpe:2.3:a:vmware:spring_for_graphql:1.2.1
Vmware » Spring For Graphql » Version: 1.2.2

cpe:2.3:a:vmware:spring_for_graphql:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-34047

Products

Pricing

Contact Us