6 matches found
CVE-2026-47706
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...
GHSA-QFWV-87QJ-98XQ Strawberry GraphQL has a Circular Fragment Reference DOS
Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...
CVE-2026-47706
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...
CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...
CVE-2026-47706
The CVE affects Strawberry GraphQL versions 0.71.0–0.315.6, where the QueryDepthLimiter lacks cycle detection in fragment spreads, causing infinite recursion and an application-level DOS (RecursionError) during validation. The issue is fixed in 0.315.7. Remediation: upgrade to 0.315.7 or later. T...
PT-2026-46249
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine depth...