GHSA-428q-q3vv-3fq3
HIGHGraphQL grant on a property might be cached with different objects
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
api-platform/graphql🐘api-platform/core🐘api-platform/graphql🐘api-platform/core🐘api-platform/core🐘api-platform/graphqlReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Packagist packages — download data is not available via public APIs for these ecosystems.
Description
Original message:
I found an issue with security grants on on properties in the GraphQL ItemNormalizer:
If you use something like #[ApiProperty(security: 'is_granted("PROPERTY_READ", [object, property])')] on a member of an entity, the grant gets cached and is only evaluated once, even if the object in question is a different one.
There is the ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method that seems to be intended to prevent this: https://github.com/api-platform/core/blob/88f5ac50d20d6510686a7552310cc567fcca45bf/src/GraphQl/Serializer/ItemNormalizer.php#L160-L164
and in its usage on line 90 it does indeed not create a cache key, but the parent::normalize() that is called afterwards still creates the cache key and causes the issue.
Impact
It grants access to properties that it should not.
Workarounds
Override the ItemNormalizer.
Patched at: https://github.com/api-platform/core/commit/7af65aad13037d7649348ee3dcd88e084ef771f8
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐘Packagist | api-platform/graphql | ≥ 4.0.0-alpha.1&&< 4.0.22 | 4.0.22 |
| 🐘Packagist | api-platform/core | ≥ 4.0.0-alpha.1&&< 4.0.22 | 4.0.22 |
| 🐘Packagist | api-platform/graphql | all versions | 3.4.17 |
| 🐘Packagist | api-platform/core | all versions | 3.4.17 |
| 🐘Packagist | api-platform/core | ≥ 4.1.0-alpha.1&&< 4.1.5 | 4.1.5 |
| 🐘Packagist | api-platform/graphql | ≥ 4.1.0-alpha.1&&< 4.1.5 | 4.1.5 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for api-platform/graphql. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update api-platform/graphql to 4.0.22 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-428q-q3vv-3fq3 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-428q-q3vv-3fq3 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-428q-q3vv-3fq3. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-428q-q3vv-3fq3 in your dependencies?
O3 detects GHSA-428q-q3vv-3fq3 across Packagist dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.