CVE-2024-37843: Craft CMS SQL injection vulnerability via the GraphQL API endpoint

June 25, 2024 (updated August 2, 2024)

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

References

blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
github.com/advisories/GHSA-hq4f-mv3q-8wcv
github.com/craftcms/cms
nvd.nist.gov/vuln/detail/CVE-2024-37843

Detect and mitigate CVE-2024-37843 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →