An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/vektah/gqlparser | lt | 2.5.14 | |
github.com/vektah/gqlparser/v2 | lt | 2.5.14 |
gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
github.com/99designs/gqlgen/issues/3118
github.com/advisories/GHSA-2hmf-46v7-v6fx
github.com/vektah/gqlparser/blob/master/parser/query.go#L316
github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977
nvd.nist.gov/vuln/detail/CVE-2023-49559