Dgraph
Monthly
Dgraph distributed GraphQL database versions ≤25.3.1 expose admin authentication tokens through an unauthenticated /debug/pprof/cmdline endpoint, allowing remote attackers to retrieve the token from process command line arguments and gain full administrative access to the database. The vulnerability combines unauthenticated information disclosure (CWE-200) with subsequent authentication bypass, enabling configuration changes and operational control. Fixed in version 25.3.2 per vendor advisory GHSA-95mq-xwj4-r47p. CVSS 9.4 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations with no authentication required.
Dgraph is an open source distributed GraphQL database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Dgraph distributed GraphQL database versions ≤25.3.1 expose admin authentication tokens through an unauthenticated /debug/pprof/cmdline endpoint, allowing remote attackers to retrieve the token from process command line arguments and gain full administrative access to the database. The vulnerability combines unauthenticated information disclosure (CWE-200) with subsequent authentication bypass, enabling configuration changes and operational control. Fixed in version 25.3.2 per vendor advisory GHSA-95mq-xwj4-r47p. CVSS 9.4 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations with no authentication required.
Dgraph is an open source distributed GraphQL database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.