Description
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
Remediation
References
https://github.com/graphql-java/graphql-java/discussions/2958
https://github.com/graphql-java/graphql-java/issues/2888
https://github.com/graphql-java/graphql-java/pull/2892
https://github.com/graphql-java/graphql-java/releases
Related Vulnerabilities
CVE-2018-3722 Vulnerability in npm package merge-deep
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets
CVE-2021-32808 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4
CVE-2023-36468 Vulnerability in maven package org.xwiki.platform:xwiki-platform-core
CVE-2022-22968 Vulnerability in maven package org.springframework:spring-context