Products
GraphQL Java (graphql-java)
- before 21.5
- 20.9
- 19.11
Source
cve@mitre.org
CVE-2024-40094 details
Published : July 30, 2024, 7:15 a.m.
Last Modified : July 30, 2024, 1:32 p.m.
Description
GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.
References
URL | Source |
---|---|
https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a | cve@mitre.org |
https://github.com/graphql-java/graphql-java/discussions/3641 | cve@mitre.org |
https://github.com/graphql-java/graphql-java/pull/3539 | cve@mitre.org |
https://github.com/graphql-java/graphql-java/releases/tag/v19.11 | cve@mitre.org |
https://github.com/graphql-java/graphql-java/releases/tag/v20.9 | cve@mitre.org |
https://github.com/graphql-java/graphql-java/releases/tag/v21.5 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.