H1-800231 — Vulnetix

Try Vulnetix Request Demo

H1-800231 PUBLISHED CVSS 6.099999904632568 MEDIUM

GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Timeline

May 11, 2020 CVE Published
May 11, 2020 PoC Published

References

GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend advisory

Open in Interactive Console →