Code Monkey home page Code Monkey logo

document's Introduction

document's People

Contributors

mend-bolt-for-github[bot] avatar zigzagdev avatar

Watchers

avatar

document's Issues

疑問

GraphQLに複数の関数を入れることで、指定した関数を選択したクエリを取ってくることは出来ないのか。

laravel/framework-v9.52.7: 1 vulnerabilities (highest severity is: 5.5)

Vulnerable Library - laravel/framework-v9.52.7

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/675ea868fe36b18c8303e954aac540e6b1caa677

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (laravel/framework-v9.52.7 version) Remediation Possible**
CVE-2024-29291 Medium 5.5 laravel/framework-v9.52.7 Direct laravel/framework - 9.x-dev,10.x-dev,dev-prep-l12,11.x-dev,dev-php8.1-fixes

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-29291

Vulnerable Library - laravel/framework-v9.52.7

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/675ea868fe36b18c8303e954aac540e6b1caa677

Dependency Hierarchy:

  • laravel/framework-v9.52.7 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.

Publish Date: 2024-04-16

URL: CVE-2024-29291

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-29291

Release Date: 2024-04-16

Fix Resolution: laravel/framework - 9.x-dev,10.x-dev,dev-prep-l12,11.x-dev,dev-php8.1-fixes

Step up your Open Source Security Game with Mend here

Learn at this repo

1.To send a request is needed to declare the mutation in schema.graphql file .
2. Mutation is the way to use the Data, so if u want to use others function, add extend on the top.
3. Mutation name must be unit with function name in Laravel.
4. if u add a ! mark behind the type like continent: Int!, you have to send a request data. Otherwise, u will cathch the error response.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.