api-platform CVE 脆弱性と CVE 一覧(2)

製品(CPE): — CVE 件数: 2

api-platform 脆弱性概要

This page aggregates publicly disclosed CVE and security risk information related to api-platform, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

脆弱性分布の推移(直近24か月)

表示中 12 / 2 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-25575 API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD [email protected] 7.7 0.60% 2023-02-28 2026-06-17
CVE-2019-1000011 API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6. [email protected] 6.5 1.02% 2019-02-04 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence