Description
Versions of the graphql package from 16.3.0 up to but not including 16.8.1 are vulnerable to Denial of Service (DoS). The OverlappingFieldsCanBeMergedRule.ts validation rule performs insufficient checks when processing large queries, so a crafted document can make the server spend excessive CPU in validation and degrade the performance of the service. The rule runs in the validation phase, after the document has been parsed, so the extra work is done on every request that reaches validation. Note: it was not proven that this vulnerability can crash the process; the demonstrated impact is degraded performance. The issue is fixed in graphql 16.8.1.
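The description above leaves open how a deployment that cannot upgrade immediately should protect itself. The example below is added here and is not code from the graphql project or from any of the vendors listed on this page. It implements a cheap pre-validation gate: the raw query text is scanned with a minimal tokenizer and rejected when it exceeds a size, token, nesting, fragment-definition or fragment-spread budget, before the document reaches `parse()` and the validator. It also builds a constructed sample of the shape that makes OverlappingFieldsCanBeMergedRule do the most work (many fragments spread into one selection set, which the rule must cross-check pairwise). The budget values, the tokenizer, the `User` type and the field names are assumptions chosen for illustration, and the sample query is not presented as a verified reproducer of the bug.

```javascript
// Added example, not graphql-js code. A pre-parse budget check for
// GraphQL documents. All limits below are assumptions; tune them to
// the largest legitimate query your clients send.
const DEFAULT_BUDGET = {
  maxBytes: 20000,     // raw document size in UTF-8 bytes
  maxTokens: 5000,     // rough lexical token count
  maxDepth: 10,        // nesting of selection sets ({ ... })
  maxFragments: 50,    // "fragment X on T" definitions
  maxSpreads: 200,     // named spreads "...X"
};

// Minimal lexer: whitespace, comments, strings, names, numbers and
// punctuators. It only counts tokens; it is not a GraphQL parser and
// does not replace graphql's own parse().
function tokenize(query) {
  const re = /\s+|#[^\n]*|"""[\s\S]*?"""|"(?:\\.|[^"\\])*"|\.\.\.|[A-Za-z_][A-Za-z0-9_]*|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?|[!$&():=@\[\]{}|]/g;
  const tokens = [];
  let last = 0;
  let m;
  while ((m = re.exec(query)) !== null) {
    if (m.index !== last) throw new Error(`unexpected character at offset ${last}`);
    last = re.lastIndex;
    const t = m[0];
    if (/^\s/.test(t) || t.startsWith('#')) continue; // skip whitespace and comments
    tokens.push(t);
  }
  if (last !== query.length) throw new Error(`unexpected character at offset ${last}`);
  return tokens;
}

// Returns { ok, problems, stats }. Reject the request when ok is false;
// only then hand the string to graphql's parse()/validate().
function checkQueryBudget(query, budget = DEFAULT_BUDGET) {
  const problems = [];
  const bytes = new TextEncoder().encode(query).length;
  if (bytes > budget.maxBytes) {
    // Bail out before tokenizing: do not spend work on oversized input.
    return { ok: false, problems: [`document is ${bytes} bytes (limit ${budget.maxBytes})`], stats: { bytes } };
  }
  const tokens = tokenize(query);
  let depth = 0;
  let maxDepth = 0;
  let fragments = 0;
  let spreads = 0;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    const next = tokens[i + 1];
    if (t === '{') {
      depth += 1;
      if (depth > maxDepth) maxDepth = depth;
    } else if (t === '}') {
      depth -= 1;
    } else if (t === 'fragment' && depth === 0) {
      fragments += 1; // top-level fragment definition
    } else if (t === '...' && next !== undefined && next !== 'on' && /^[A-Za-z_]/.test(next)) {
      spreads += 1; // named spread; "... on T {" and "... {" are inline fragments
    }
  }
  const stats = { bytes, tokens: tokens.length, maxDepth, fragments, spreads };
  if (tokens.length > budget.maxTokens) problems.push(`${tokens.length} tokens (limit ${budget.maxTokens})`);
  if (maxDepth > budget.maxDepth) problems.push(`selection depth ${maxDepth} (limit ${budget.maxDepth})`);
  if (fragments > budget.maxFragments) problems.push(`${fragments} fragment definitions (limit ${budget.maxFragments})`);
  if (spreads > budget.maxSpreads) problems.push(`${spreads} fragment spreads (limit ${budget.maxSpreads})`);
  return { ok: problems.length === 0, problems, stats };
}

// Constructed sample (assumed schema with a User type): n fragments that
// all select the same fields, spread into a single selection set. The
// validator has to compare the spread fragments pairwise, so its work
// grows with the square of n; this is the shape worth bounding.
function buildFragmentHeavyQuery(n) {
  const defs = [];
  const spreads = [];
  for (let i = 0; i < n; i++) {
    defs.push(`fragment F${i} on User { id name }`);
    spreads.push(`...F${i}`);
  }
  return `query { me { ${spreads.join(' ')} } }\n${defs.join('\n')}`;
}

// Constructed benign query for comparison.
const NORMAL_QUERY = 'query { me { id name friends { id } } }';

console.log(checkQueryBudget(NORMAL_QUERY));
console.log(checkQueryBudget(buildFragmentHeavyQuery(300)).problems);
```

Run the gate before `parse()` and return a 400 when `ok` is false; the numbers in `stats` are also worth logging, since a sudden rise in fragment or spread counts from one client is a useful detection signal. Recent graphql 16.x releases also accept a `maxTokens` option on `parse()` (check the version you run); that bounds parsing cost but not the pairwise work of the validation rule this advisory is about, so the upgrade to 16.8.1 remains the actual fix and the budget check is defence in depth.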
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| OpenShift Serverless | graphql | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Will not fix | | |
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Will not fix | | |
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-dashboard-rhel8 | Affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/code-rhel8 | Will not fix | | |
| Migration Toolkit for Virtualization 2.5 | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fixed | RHBA-2023:6078 | 2023-10-24 |
| Red Hat Advanced Cluster Security 4.4 | advanced-cluster-security/rhacs-main-rhel8 | Fixed | RHSA-2024:1570 | 2024-03-28 |
Additional information
CVSS3: 5.3 (Medium)
Related vulnerabilities
graphql Uncontrolled Resource Consumption vulnerability (CVSS3 5.3, Medium): the same issue as described above. Versions of the graphql package from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when processing large queries, which allows an attacker to degrade system performance. Note: it was not proven that this vulnerability can crash the process.