CVE-2023-28104— silverstripe/graphql Denial of Service vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-28104
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
silverstripe/graphql Denial of Service vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Silverstripe CMS GraphQL Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Silverstripe CMS GraphQL Server是将 SilverStripe 数据作为 GraphQL 表示形式提供的工具。 Silverstripe CMS GraphQL Server 4.2.2版本和4.1.1版本存在安全漏洞。攻击者利用该漏洞可以使用特制的graphql查询对具有公开暴露的graphql端点的网站执行拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| silverstripe | silverstripe-graphql | = 4.1.1 | - |
II. Public POCs for CVE-2023-28104
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-28104
请登录查看更多情报信息。
- https://github.com/silverstripe/silverstripe-graphql/pull/526x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-28104
IV. Related Vulnerabilities
Same vendor: silverstripe
- CVE-2026-24749
Silverstripe Assets Module has a DBFile::getURL() permission - CVE-2025-30148
Silverstripe Framework has a XSS vulnerability in HTML edito - CVE-2025-25197
Silverstripe Elemental enables XSS attacks in elemental "Con - CVE-2024-53277
Cross-site Scripting in form messages in silverstripe framew - CVE-2024-47605
Cross-site Scripting via insert media remote file oembed in
Same weakness: CWE-770
- CVE-2021-47959
WordPress Plugin WPGraphQL 1.3.5 Denial of Service - CVE-2026-44679
Tuist: Forgot password flow lacks throttling for reset email - CVE-2026-44216
Wasmtime: Panic when allocating a table exceeding the size o - CVE-2026-8468
Unbounded buffer accumulation in multipart header parsing ca - CVE-2025-14870
Allocation of Resources Without Limits or Throttling in GitL
V. Comments for CVE-2023-28104
No comments yet