The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)
References
Configurations
History
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Apr 2023, 02:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://developers.vtex.com/updates/release-notes/deprecation-of-apps-graphql@2.x - Release Notes | |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:vtex:apps-graphql:2.x:*:*:*:*:*:*:* | |
First Time |
Vtex
Vtex apps-graphql |
31 Mar 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28877
Mitre link : CVE-2023-28877
CVE.ORG link : CVE-2023-28877
JSON object : View
Products Affected
vtex
- apps-graphql
CWE