api-platform/graphql Security Advisories for v3.2.6 (2)
-
[HIGH] GraphQL grant on a property might be cached with different objects
PKSA-9x6b-qjnh-k9nj CVE-2025-31485 GHSA-428q-q3vv-3fq3
Affected version: <3.4.17|>=4.0.0,<4.0.22|>=4.1.0,<4.1.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] GraphQL query operations security can be bypassed
PKSA-rfnk-z282-zpmp CVE-2025-31481 GHSA-cg3c-245w-728m
Affected version: <3.4.17|>=4.0.0,<4.0.22|>=4.1.0,<4.1.5
Reported by:
FriendsOfPHP/security-advisories, GitHub