Описание
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.
Уязвимые конфигурации
Конфигурация 1Версия до 1.13.4 (включая)
cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.0051
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
debian
больше 2 лет назад
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...
CVSS3: 7.5
github
больше 2 лет назад
go-ethereum vulnerable to denial of service via crafted GraphQL query
EPSS
Процентиль: 66%
0.0051
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo