Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43967

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...

8.7CVSS5.5AI score0.00624EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 1:8 p.m.22 views

EUVD-2026-28800

Absinthe: Quadratic fragment-name uniqueness check...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/08 3:42 p.m.10 views

CVE-2026-43967 Quadratic fragment-name uniqueness check causes denial of service in absinthe

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References4
CVE
CVE
added 2026/05/08 3:42 p.m.23 views

CVE-2026-43967

Summary: CVE-2026-43967 affects Absinthe (Elixir/absinthe-graphql). The vulnerability arises in the fragment-name validation phase where UniqueFragmentNames:run/2 checks each fragment name by counting matches with a full linear scan, yielding O(N^2) comparisons per document. With attacker-control...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39148

Name of the Vulnerable Software and Affected Versions absinthe versions 1.2.0 through 1.10.1 Description An inefficient algorithmic complexity issue allows unauthenticated denial of service through quadratic fragment-name uniqueness validation. The function run/2 within...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References1
Rows per page
Query Builder