Описание
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in #940. As a workaround, users can disable subscriptions.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.13.2 (исключая)Версия от 9.0.0 (включая) до 11.5.0 (исключая)
Одно из
cpe:2.3:a:mercurius_project:mercurius:*:*:*:*:*:node.js:*:*
cpe:2.3:a:mercurius_project:mercurius:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 48%
0.00247
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-248
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.3
github
около 3 лет назад
mercurius has Uncaught Exception when using subscriptions
EPSS
Процентиль: 48%
0.00247
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-248
NVD-CWE-Other