Headline

GHSA-xq3c-8gqm-v648: async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

Impact

Executing deeply nested queries may cause stack overflow.

Patches

Upgrade to v4.0.6

2 years ago

ghsa

Open in Source

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
GHSA-xq3c-8gqm-v648

async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

High severity GitHub Reviewed Published Jul 29, 2022 in async-graphql/async-graphql

Vulnerability details Dependabot alerts 0

Package

cargo async-graphql (Rust)

Affected versions

< 4.0.6

Patched versions

4.0.6

Description

Impact

Executing deeply nested queries may cause stack overflow.

Patches

Upgrade to v4.0.6

References

GHSA-xq3c-8gqm-v648
async-graphql/async-graphql@521769b

sunli829 published the maintainer security advisory

Jul 26, 2022

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xq3c-8gqm-v648

Source code

async-graphql/async-graphql

Credits

c3b5aw
MdotTIM
karimhreda

Checking history

See something to contribute? Suggest improvements for this vulnerability.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

2 days ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

2 days ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

2 days ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

2 days ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

2 days ago

ghsa