Packagist (Composer) package
api-platform/graphql
pkg:composer/api-platform/graphql
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-31485 | Hig | 7.5 | >= 4.0.0-alpha.1, < 4.0.22 | 4.0.22 | Apr 3, 2025 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the ca | |
| CVE-2025-31481 | Hig | 7.5 | >= 4.0.0-alpha.1, < 4.0.22 | 4.0.22 | Apr 3, 2025 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17. |
- affected >= 4.0.0-alpha.1, < 4.0.22fixed 4.0.22
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the ca
- affected >= 4.0.0-alpha.1, < 4.0.22fixed 4.0.22
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.