← Back

CVE-2023-26144

nvd nist
Published: Sep 20, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.

Affected (3)

Products: Graphql: Graphql
Graphql
1 product
Graphql
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Graphql
Graphql
From 16.3.0 to 16.8.1
Graphql
Version 17.0.0 alpha1
Graphql
Version 17.0.0 alpha2

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

Source: report@snyk.io
Patch
Source: report@snyk.io
ExploitIssue TrackingThird Party Advisory
Source: report@snyk.io
Product
Source: report@snyk.io
Release Notes
Source: report@snyk.io
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.