#auth

Without key security defenses, including backup recovery and multifactor authentication implementation, all parties, including neighboring hospitals and patients, suffer.

### Summary A query depth restriction using the max-depth can be bypassed if `ignoreIntrospection` is enabled (which is the default configuration) by naming your query/fragment `__schema`. ### Details In the `countDepth` function, we have the following code that calculates the depth of a used fragment: ```typescript } else if (node.kind == Kind.FRAGMENT_SPREAD) { if (this.visitedFragments.has(node.name.value)) { return this.visitedFragments.get(node.name.value) ?? 0; } else { this.visitedFragments.set(node.name.value, -1); } const fragment = this.context.getFragment(node.name.value); if (fragment) { let fragmentDepth; if (this.config.flattenFragments) { fragmentDepth = this.countDepth(fragment, parentDepth); } else { fragmentDepth = this.countDepth(fragment, parentDepth + 1); } depth = Math.max(depth, fragmentDepth); if (this.visitedFragments.get(node.name.value) === ...

### Summary A query depth restriction using the `max-depth` property can be bypassed if `ignoreIntrospection` is enabled (which is the default configuration) by naming your query/fragment `__schema`. ### Details At the start of the `countDepth` function, we have the following check for the `ignoreIntrospection` option: ```typescript if (this.config.ignoreIntrospection && 'name' in node && node.name?.value === '__schema') { return 0; } ``` However, the `node` can be one of: `FieldNode`, `FragmentDefinitionNode`, `InlineFragmentNode`, `OperationDefinitionNode`, `FragmentSpreadNode`. For example, consider sending the following query: ```graphql query hello { books { title } } ``` This would create an `OperationDefinitionNode` where `node.name.value == 'hello'` The proper way to handle this is to check explicitly for the `__schema` field, which corresponds to a `FieldNode`. The fix is ```typescript if ( this.config.ignoreIntrospection && 'na...

### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. ### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before processing. ### Credits This vulnerability was reported by Mohamed Ouad from [Doyensec](https://doyensec.com/).

### Impact A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. ### Patch This vulnerability has been fixed in the following pull request: https://github.com/traPtitech/traQ/pull/2787 It is possible that OAuth tokens issued before the patch was applied have already been recorded in the logs. To completely eliminate the security risk, server administrators are strongly recommended to revoke all existing OAuth tokens. ### Workaround If you cannot apply the update immediately, as a temporary workaround, please review access permissions for SQL error logs and strictly limit access to prevent unauthorized users from viewing them.

Silver Spring, USA / Maryland, 26th August 2025, CyberNewsWire

The application constructs a shell command using unsanitized user input passed to the system() function, calling an external binary for authentication. Due to improper input handling and reliance on the binary's return value for access control, an attacker can inject special characters, such as a double quote (") to manipulate command parsing and induce execution failure. Since the application interprets any non-zero exit code from the binary as successful authentication, this flaw allows remote users to bypass authentication entirely without providing valid credentials.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon M340: All versions BMXNOR0200H Ethernet/Serial RTU Module: All versions BMXNGD0100 M580 Global Data module: All versions BMXNOC0401 Modicon M340 X80 Ethernet Communication modules: All versions BMXNOE0100 Modbus/TCP Ethernet Modicon M340 module: Versions prior to 3.60 BMXNOE0110 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to 6.80 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Improper Input Validation vulnerability exists that could cause a Denial-of-Service when specially crafted FTP com...

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.