Published: 03 Oct 2024
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
async-graphql Directive Overload
Impact
- Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime.
- Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure.
- User Experience Degradation: Users may experience delays or failures when accessing the service, which could lead to frustration and loss of trust in the service.
Patches
- Upgrade to v7.0.10
- Use SchemaBuilder.limit_directives to limit the maximum number of directives for a single field.
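To make "the number of directives for a single field" concrete, the following added example (not code from this advisory or from async-graphql) measures that number on raw query text using only the Rust standard library. The function names are hypothetical, the sample query is constructed, and directives nested inside parentheses are deliberately left out of the count.

```rust
// Added illustration (std only); not async-graphql's implementation.
fn is_name(c: u8) -> bool {
    c == b'_' || c.is_ascii_alphanumeric()
}

/// Returns the index just past the string literal that starts at `start`.
fn skip_string(b: &[u8], start: usize) -> usize {
    let block = b[start..].starts_with(b"\"\"\"");
    let mut i = start + if block { 3 } else { 1 };
    while i < b.len() {
        if b[i] == b'\\' { i += 2; continue; }
        if block && b[i..].starts_with(b"\"\"\"") { return i + 3; }
        if !block && (b[i] == b'"' || b[i] == b'\n') { return i + 1; }
        i += 1;
    }
    b.len()
}

/// Largest number of directives attached to one field, fragment spread or
/// operation in `query` (directives nested inside parentheses are not counted).
pub fn max_directives_per_field(query: &str) -> usize {
    let b = query.as_bytes();
    let (mut i, mut depth, mut run, mut max) = (0usize, 0usize, 0usize, 0usize);
    let mut after_at = false; // the next name is a directive name, not a new field
    while i < b.len() {
        match b[i] {
            b'#' => { while i < b.len() && b[i] != b'\n' { i += 1; } continue; }
            b'"' => { i = skip_string(b, i); continue; }
            b'(' => depth += 1,
            b')' => depth = depth.saturating_sub(1),
            b'{' | b'}' if depth == 0 => run = 0,
            b'@' if depth == 0 => { run += 1; max = max.max(run); after_at = true; }
            c if depth == 0 && is_name(c) => {
                if !after_at { run = 0; } // a new field or keyword ends the run
                after_at = false;
                while i < b.len() && is_name(b[i]) { i += 1; }
                continue;
            }
            _ => {}
        }
        i += 1;
    }
    max
}

fn main() {
    // Constructed query: one field carrying 2000 directives.
    let q = format!("{{ __typename {} }}", "@include(if: true) ".repeat(2000));
    println!("max directives on one field: {}", max_directives_per_field(&q));
}
```

A caller would compare the returned value with its chosen limit and reject the request before execution when it is exceeded.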
Packages
Name: async-graphql (rust)
Affected versions: < 7.0.10
Fixed version: 7.0.10
Related vulnerabilities
CVSS3: 7.5
nvd
more than 1 year ago
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.