CVE-2024-40094
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/07/2024
Last modified:
30/07/2024
Description
GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.
Impact
References to Advisories, Solutions, and Tools
- https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a
- https://github.com/graphql-java/graphql-java/discussions/3641
- https://github.com/graphql-java/graphql-java/pull/3539
- https://github.com/graphql-java/graphql-java/releases/tag/v19.11
- https://github.com/graphql-java/graphql-java/releases/tag/v20.9
- https://github.com/graphql-java/graphql-java/releases/tag/v21.5