Tag

Database-Exfiltration

1 brief RSS

Dgraph Pre-Auth DQL Injection Vulnerability

A pre-authentication DQL injection vulnerability in Dgraph's `/mutate` endpoint, when ACL is disabled, allows attackers to exfiltrate the entire database by crafting a malicious `cond` field in an upsert mutation.

Dgraph dql-injection injection database-exfiltration

1r 1t Oct 26, 2024