async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

High
sunli829 published GHSA-xq3c-8gqm-v648 Jul 26, 2022

Package

cargo async-graphql (Rust)

Affected versions

< 4.0.6

Patched versions

4.0.6

Description

Impact

Executing deeply nested queries may cause stack overflow.

Patches

Upgrade to v4.0.6
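
To check whether a project is locked to an affected release, the following added example (not part of the advisory or of the async-graphql project) scans Cargo.lock text for `async-graphql` entries below the patched version 4.0.6. The sample lockfile, the function names, and the choice to flag pre-release and unparsable versions as affected are assumptions of this example.

```rust
// Added example: flag async-graphql entries in a Cargo.lock below the patched 4.0.6.
const PATCHED: (u64, u64, u64) = (4, 0, 6);
// Constructed sample lockfile, for illustration only.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "async-graphql"
version = "4.0.5"

[[package]]
name = "async-graphql-derive"
version = "4.0.5"
"#;

/// Read `key = "value"` from one lockfile line.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Some(true) if `version` is below 4.0.6; None if it cannot be parsed.
fn is_affected(version: &str) -> Option<bool> {
    let core = version.split('+').next()?; // drop build metadata
    let (nums, pre) = match core.split_once('-') {
        Some((n, _)) => (n, true), // assumption: a 4.0.6 pre-release counts as affected
        None => (core, false),
    };
    let mut it = nums.split('.').map(|p| p.parse::<u64>().ok());
    let v = (it.next()??, it.next()??, it.next()??);
    Some(v < PATCHED || (v == PATCHED && pre))
}

/// Locked async-graphql versions that are affected (unparsable ones are flagged too).
fn affected_versions(lockfile: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), None);
    for line in lockfile.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package block starts
        } else if let Some(n) = value_of(line, "name") {
            name = Some(n);
        } else if let Some(v) = value_of(line, "version") {
            if name == Some("async-graphql") && is_affected(v).unwrap_or(true) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() { println!("affected: {:?}", affected_versions(SAMPLE_LOCK)); }
```

Only the exact package name `async-graphql` is matched, as in the advisory's Package field; companion crates such as the derive crate in the sample are not flagged.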

Severity

High 7.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2022-31173

Weaknesses

No CWEs

Credits