H1-800231 — Vulnetix

H1-800231 PUBLISHED CVSS 6.099999904632568 MEDIUM

GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit Intelligence

GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend (hackerone)
GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend (hackerone)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

…and 2 more exploits

Timeline

May 11, 2020 CVE Published
May 11, 2020 PoC Published

References

GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›