4 matches found
CVE-2023-22477
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477
Summary: CVE-2023-22477 affects Mercurius (GraphQL adapter for Fastify) prior to v10.5.0. A malformed WebSocket packet sent to "/graphql" can cause a denial of service. The issue is documented in multiple sources and was patched in PR #940, with the fix released in v11.5.0 (and v8.13.2 in some br...