exploitDog

CVE-2025-27407

Published: 12 Mar 2025
Source: redhat
CVSS3: 8.5

Description

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition via GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema from JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection.

Statement

This vulnerability is marked as Important rather than Critical because interaction with the vulnerable GraphQL library is restricted to only authenticated users in Red Hat Satellite. Satellite does not dynamically load schemas from external sources, further reducing the feasibility of exploitation.

Mitigation

Successful exploitation of this flaw requires loading a GraphQL schema. Restricting schema loading to trusted sources or authenticated users limits the impact of the vulnerability. Combining that with strict input validation of every GraphQL schema being loaded further reduces the risk of a successful attack and serves as a possible mitigation strategy for this vulnerability.
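An added example in Ruby, not code from the advisory or from graphql-ruby, that applies the two points above: it checks a graphql-ruby version against the affected range given in the description, and it accepts introspection JSON only when it matches a SHA-256 pin recorded for a reviewed schema and has the shape of an introspection result. The function and constant names, and the sample document, are this example's own assumptions.

```ruby
require "json"
require "digest"

# Patched release per minor series, as listed in the advisory; the bug starts
# at 1.11.5 (constant names are this example's own).
FIRST_AFFECTED = [1, 11, 5].freeze
PATCHED = {
  [1, 11] => [1, 11, 8], [1, 12] => [1, 12, 25], [1, 13] => [1, 13, 24],
  [2, 0] => [2, 0, 32],  [2, 1] => [2, 1, 14],   [2, 2] => [2, 2, 17],
  [2, 3] => [2, 3, 21]
}.freeze

# true  -> version is in the affected range
# false -> version predates the bug or carries the fix for its series
# nil   -> series not covered by the advisory (e.g. 2.4.x); check separately
def affected_version?(version_string)
  v = version_string.split(".").map(&:to_i)
  return false if (v <=> FIRST_AFFECTED).negative?
  fixed = PATCHED[v[0, 2]]
  return nil if fixed.nil?
  (v <=> fixed).negative?
end

class UntrustedSchemaError < StandardError; end

# Accept introspection JSON only when it matches the SHA-256 pin recorded when
# the schema was reviewed and it has a "__schema" object with a "types" array.
# Returns the parsed document to hand to GraphQL::Schema.from_introspection.
def load_pinned_introspection(json, expected_sha256)
  digest = Digest::SHA256.hexdigest(json)
  raise UntrustedSchemaError, "digest #{digest} does not match pin" unless digest == expected_sha256
  doc = JSON.parse(json)
  schema = doc.is_a?(Hash) ? (doc.dig("data", "__schema") || doc["__schema"]) : nil
  unless schema.is_a?(Hash) && schema["types"].is_a?(Array)
    raise UntrustedSchemaError, "document is not an introspection result"
  end
  doc
end

# Constructed sample introspection result and its pin (not a real schema).
SAMPLE_INTROSPECTION = JSON.generate(
  "data" => { "__schema" => {
    "queryType" => { "name" => "Query" },
    "types" => [{ "kind" => "OBJECT", "name" => "Query", "fields" => [] }]
  } }
)
SAMPLE_PIN = Digest::SHA256.hexdigest(SAMPLE_INTROSPECTION)
```

The pin is recorded when a schema is reviewed, so a changed upstream introspection response is refused rather than parsed into a schema.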

Additional information

Status: Important
Weakness: CWE-94
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2351767 (graphql-ruby: Remote code execution when loading a crafted GraphQL schema)
CVSS3: 8.5 High

Related vulnerabilities

CVSS3: 9
ubuntu
10 months ago

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.

CVSS3: 9
nvd
10 months ago

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.

CVSS3: 9
debian
10 months ago

graphql-ruby is a Ruby implementation of GraphQL. Starting in version ...

CVSS3: 9
github
10 months ago

graphql allows remote code execution when loading a crafted GraphQL schema

CVSS3: 9
fstec
10 months ago

A vulnerability in the GraphQL query runtime of the Ruby library, and of the git-based collaborative code platform GitLab CE/EE, related to improper control of code generation, allowing an attacker to execute arbitrary code
