CVE Vulnerability

CVE-2022-31173

Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 Patch Third Party Advisory
https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 Release Notes Third Party Advisory
https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb Patch Third Party Advisory
https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:juniper_project:juniper:*:*:*:*:*:rust:*:*
Information

Published : 2022-08-01 07:15

Updated : 2022-08-08 03:24

NVD link : CVE-2022-31173

Mitre link : CVE-2022-31173

Products Affected
No products.
CWE
CWE-400