CVE Vulnerability

CVE-2022-37734

graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/graphql-java/graphql-java/pull/2892 Exploit Patch
https://github.com/graphql-java/graphql-java/issues/2888 Issue Tracking Patch
https://github.com/graphql-java/graphql-java/discussions/2958 Patch Third Party Advisory
https://github.com/graphql-java/graphql-java/releases Release Notes Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:*:*:*
cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:java:*:*
Information

Published : 2022-09-12 02:15

Updated : 2022-09-28 08:15

NVD link : CVE-2022-37734

Mitre link : CVE-2022-37734

Products Affected
No products.
CWE
CWE-400