Prime
Birkir Prime up to version 0.4.0.beta.0 exposes sensitive information through error messages in its GraphQL Directive Handler endpoint (/graphql), allowing unauthenticated remote attackers to extract data. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite being notified.
Birkir Prime versions up to 0.4.0.beta.0 are vulnerable to resource exhaustion attacks through the GraphQL Alias Handler endpoint, allowing unauthenticated remote attackers to cause denial of service. Public exploit code is available for this vulnerability, and the project has not yet released a patch despite early notification. The attack requires no user interaction and can be executed over the network with minimal complexity.
Prime versions up to 0.4.0.beta.0 are vulnerable to denial of service attacks through the GraphQL Array Based Query Batch Handler component, which can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.
Birkir Prime versions up to 0.4.0.beta.0 contain a denial of service vulnerability in the GraphQL Directive Handler that can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and the developers have not released a patch despite early notification. An unauthenticated attacker can leverage this flaw to disrupt service availability.
Remote denial of service in Birkir Prime up to version 0.4.0.beta.0 can be triggered through the GraphQL Field Handler endpoint without authentication. Public exploit code exists for this vulnerability, though no patch is currently available from the project maintainers.
Birkir Prime up to version 0.4.0.beta.0 exposes sensitive information through its GraphQL API endpoint due to improper access controls, allowing unauthenticated remote attackers to disclose confidential data. Public exploit code for this vulnerability is available, and the vendor has not yet released a patch despite being notified of the issue.
Cross-site request forgery (CSRF) in Birkir Prime through version 0.4.0.beta.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users through malicious web requests. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch has been released as of this advisory.