Description
gqlparser denial of service vulnerability via the parserDirectives function
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-49559
- https://github.com/99designs/gqlgen/issues/3118
- https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977
- https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
- https://github.com/advisories/GHSA-2hmf-46v7-v6fx
- https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316
Packages
- Name: github.com/vektah/gqlparser/v2 (go)
  Affected versions: < 2.5.14
  Fixed version: 2.5.14
- Name: github.com/vektah/gqlparser (go)
  Affected versions: < 2.5.14
  Fixed version: 2.5.14
Related vulnerabilities
CVSS3: 3.7
nvd
more than 1 year ago
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.