Описание
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.
Связанные уязвимости
CVSS3: 7.5
nvd
почти 4 года назад
Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors.