Description
graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | graphql-java | Fix deferred | | |
| Red Hat Fuse 7 | graphql-java | Not affected | | |
| Red Hat Integration Camel K 1 | graphql-java | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform 7 | graphql-java | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | graphql-java | Not affected | | |
| Red Hat build of Eclipse Vert.x 4.3.3 | graphql-java | Fixed | RHSA-2022:6757 | 05.10.2022 |
| Red Hat build of Quarkus 2.13.5 | | Fixed | RHSA-2022:9023 | 14.12.2022 |
| RHINT Service Registry 2.3.0 GA | graphql-java | Fixed | RHSA-2022:6835 | 06.10.2022 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
7.5 High
CVSS3