Описание
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
Ссылки
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 17.4 (исключая)Версия от 18.0 (включая) до 18.3 (исключая)
Одно из
cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:java:*:*
cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01169
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.5
redhat
больше 3 лет назад
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
CVSS3: 7.5
github
больше 3 лет назад
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
EPSS
Процентиль: 78%
0.01169
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-Other