VulnerableCode Vulnerability Details - VCID-jy2j-s717-47gn

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jy2j-s717-47gn

Essentials
Severities (6)
References (4)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jy2j-s717-47gn
Aliases	GHSA-3p7g-wrgg-wq45
Summary	GraphQL queries can expose password hashes
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-916

Use of Password Hash With Insufficient Computational Effort

System	Score	Found at
generic_textual	CRITICAL	https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-3p7g-wrgg-wq45
generic_textual	CRITICAL	https://github.com/ibexa/graphql
generic_textual	CRITICAL	https://github.com/ibexa/graphql/commit/5ae5fb4d1d292ddde8528e040ef8a7c8dd7f9c6d
cvssv3.1_qr	CRITICAL	https://github.com/ibexa/graphql/security/advisories/GHSA-3p7g-wrgg-wq45
generic_textual	CRITICAL	https://github.com/ibexa/graphql/security/advisories/GHSA-3p7g-wrgg-wq45

Reference id	Reference type	URL
		https://github.com/ibexa/graphql
		https://github.com/ibexa/graphql/commit/5ae5fb4d1d292ddde8528e040ef8a7c8dd7f9c6d
GHSA-3p7g-wrgg-wq45		https://github.com/advisories/GHSA-3p7g-wrgg-wq45
GHSA-3p7g-wrgg-wq45		https://github.com/ibexa/graphql/security/advisories/GHSA-3p7g-wrgg-wq45

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:33:10.255042+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-3p7g-wrgg-wq45	38.6.0