CVE-2023-28867

Published: 27 Mar 2023
Source: redhat
CVSS3: 7.5

Description

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.

A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service.

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Fuse 7 | graphql-java | Not affected | | |
| Red Hat Integration Camel K 1 | graphql-java | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 7 | graphql-java | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | graphql-java | Not affected | | |
| Red Hat OpenShift Application Runtimes | graphql-java | Will not fix | | |
| Red Hat build of Quarkus 2.13.8.Final | com.graphql-java/graphql-java | Fixed | RHSA-2023:3809 | 29.06.2023 |
| RHINT Service Registry 2.4.3 GA | graphql-java | Fixed | RHSA-2023:3815 | 27.06.2023 |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2181977 (graphql-java: crafted GraphQL query causes stack consumption)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
almost 3 years ago

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.

CVSS3: 7.5
github
almost 3 years ago

GraphQL Java vulnerable to stack consumption
