Veracode Vulnerability DatabaseVERACODE:40005Denial Of Services (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
24.1%
graphql-java is vulnerable to Denial Of Services (DoS). An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash.
References
github.com/advisories/GHSA-p4qx-6w5p-4rj2
github.com/graphql-java/graphql-java/commit/1f905d8f5a3343da9abe4522fd145de0c319cd4e
github.com/graphql-java/graphql-java/commit/354bcc355549ef12661d6064ea51a6d4bf20a66c
github.com/graphql-java/graphql-java/commit/3e2ccea4c1a41b81ea7c9fd31d7d2dab7e06f8f3
github.com/graphql-java/graphql-java/commit/80e313597d0d9b03f9d28f4de4dbfa118705360f
github.com/graphql-java/graphql-java/pull/3112
github.com/graphql-java/graphql-java/releases/tag/v17.5
github.com/graphql-java/graphql-java/releases/tag/v18.4
github.com/graphql-java/graphql-java/releases/tag/v19.4
github.com/graphql-java/graphql-java/releases/tag/v20.1
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
24.1%