CVSS2: 3.5 Low

Metric | Value |
---|---|
Access Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector string | AV:N/AC:M/Au:S/C:N/I:N/A:P |

CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector string | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

EPSS: 0.001 Low (0.1% predicted exploitation probability, 30.9th percentile)
graphql-go (github.com/graph-gophers/graphql-go) is a GraphQL server library for Go with a focus on ease of use. Versions prior to v1.3.0 contain a denial-of-service bug: specially crafted queries cause a stack overflow in the library. Any user with access to the GraphQL handler can send such queries. Note that a Go stack overflow is a fatal runtime error ("fatal error: stack overflow") that recover() cannot intercept, so a single such query takes down the whole server process, not just the offending request, and the server stops serving data to all of its users until it is restarted. The issue is fixed in v1.3.0 (commit eae31ca, PR #492). The only known workaround is to remove the graphql.MaxDepth option from your schema, which is not recommended: MaxDepth is the library's own limit on query nesting depth, so disabling it trades this denial-of-service vector for another one.
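The practical question for a Go team is whether any of their services still require the affected module at a version below v1.3.0. The following is an added example, not code from graphql-go or from the advisory: it scans a go.mod (a constructed sample is embedded inline) for a `require` line of github.com/graph-gophers/graphql-go and compares the version against the fixed release using semver ordering, treating pre-release and pseudo-versions (v0.0.0-2021...-abcdef) as sorting below the plain tag, so a pre-release of v1.3.0 is still flagged. The module path, fix version and CVE identifier come from this advisory; everything else (function names, the sample go.mod) is assumed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// VulnModule is the affected Go module path named in the advisory.
const VulnModule = "github.com/graph-gophers/graphql-go"

// FixedVersion is the first release containing the fix for CVE-2022-21708.
const FixedVersion = "v1.3.0"

// parseSemver splits "v1.2.3", "v1.2.3-beta.1" or a Go pseudo-version such as
// "v0.0.0-20210101120000-abcdef123456" into its numeric core and a flag that
// says whether a pre-release ("-...") suffix is present. Build metadata
// ("+...") is dropped because it does not affect ordering.
func parseSemver(v string) (nums [3]int, pre bool, err error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		pre = v[i] == '-'
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return nums, pre, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", v)
	}
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil || n < 0 {
			return nums, pre, fmt.Errorf("bad version component %q", p)
		}
		nums[i] = n
	}
	return nums, pre, nil
}

// compare returns -1, 0 or 1 following semver ordering: the numeric core is
// compared first, then a pre-release sorts before the same core without one.
func compare(a, b string) (int, error) {
	an, apre, err := parseSemver(a)
	if err != nil {
		return 0, err
	}
	bn, bpre, err := parseSemver(b)
	if err != nil {
		return 0, err
	}
	for i := 0; i < 3; i++ {
		if an[i] < bn[i] {
			return -1, nil
		}
		if an[i] > bn[i] {
			return 1, nil
		}
	}
	if apre && !bpre {
		return -1, nil
	}
	if !apre && bpre {
		return 1, nil
	}
	return 0, nil
}

// IsVulnerable reports whether the given graphql-go version predates the fix.
func IsVulnerable(version string) (bool, error) {
	c, err := compare(version, FixedVersion)
	if err != nil {
		return false, err
	}
	return c < 0, nil
}

// FindVulnerableRequire scans go.mod text for a require line of the affected
// module (block or single-line form) and reports the version found and whether
// it is vulnerable. `replace` directives are not interpreted; review those by
// hand, since a replace can silently pin an older commit.
func FindVulnerableRequire(goMod string) (version string, vulnerable bool, err error) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		line = strings.TrimPrefix(line, "require ")
		if i := strings.Index(line, "//"); i >= 0 { // drop "// indirect" and other comments
			line = line[:i]
		}
		fields := strings.Fields(line)
		if len(fields) >= 2 && fields[0] == VulnModule {
			v, vErr := IsVulnerable(fields[1])
			return fields[1], v, vErr
		}
	}
	return "", false, sc.Err()
}

// sampleGoMod is a constructed go.mod for the demo, not taken from any real project.
const sampleGoMod = `module example.com/api

go 1.17

require (
	github.com/graph-gophers/graphql-go v1.2.0
	github.com/opentracing/opentracing-go v1.2.0 // indirect
)
`

func main() {
	v, vuln, err := FindVulnerableRequire(sampleGoMod)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s %s vulnerable to CVE-2022-21708: %v\n", VulnModule, v, vuln)
}
```

For a real code base, `go list -m all | grep graph-gophers/graphql-go` shows the version actually selected after replace directives and minimal version selection, and `govulncheck ./...` (from golang.org/x/vuln) reports only the vulnerabilities whose affected functions your binary can reach, which is the better signal for triage.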
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | golang-github-graph-gophers-graphql-go | < any | UNKNOWN |
github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0)
github.com/graph-gophers/graphql-go/pull/492
github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
launchpad.net/bugs/cve/CVE-2022-21708
nvd.nist.gov/vuln/detail/CVE-2022-21708
security-tracker.debian.org/tracker/CVE-2022-21708
www.cve.org/CVERecord?id=CVE-2022-21708