3 matches found
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from repeatedly calling strings.Split within loops, causing the validation cost to increa...
CVE-2026-43967
Summary: CVE-2026-43967 affects Absinthe (Elixir/absinthe-graphql). The vulnerability arises in the fragment-name validation phase where UniqueFragmentNames:run/2 checks each fragment name by counting matches with a full linear scan, yielding O(N^2) comparisons per document. With attacker-control...
CVE-2026-40476 graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...