io.quarkus:quarkus-smallrye-graphql@3.3.0 vulnerabilities
-
latest version
3.11.2
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
2 months ago
-
licenses detected
- [1.5.0.CR1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the io.quarkus:quarkus-smallrye-graphql package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
io.quarkus:quarkus-smallrye-graphql is a Supersonic Subatomic Java Affected versions of this package are vulnerable to Incorrect Authorization via the handling of websocket requests that lack role-based permissions for GraphQL operations. An attacker can access information and execute functionality that should be restricted by exploiting the lack of authentication checks on secured endpoints. How to fix Incorrect Authorization? Upgrade |
[,2.13.9.Final)
[2.14.0,3.5.3)
|