async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

High severity GitHub Reviewed Published Jul 26, 2022 in async-graphql/async-graphql • Updated Jan 6, 2023

Package

cargo async-graphql (Rust)

Affected versions

< 4.0.6

Patched versions

4.0.6

Description

Impact

Executing deeply nested queries may cause stack overflow.

Patches

Upgrade to v4.0.6

References

@sunli829 published to async-graphql/async-graphql Jul 26, 2022
Published to the GitHub Advisory Database Jul 29, 2022
Reviewed Jul 29, 2022
Last updated Jan 6, 2023

Severity

High 7.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xq3c-8gqm-v648
