PT-2021-23943 · Mercurius (+1)

Mcollina (+1)

Published 2021-12-13 · Updated 2021-12-15

CVE-2021-43801

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mercurius (the GraphQL adapter for Fastify), versions 8.10.0 through 8.11.1; fixed in 8.11.2.
Description: Mercurius does not properly handle a malformed JSON request body sent to the /graphql endpoint. An unauthenticated remote attacker can send such a body and cause a denial of service of the application, unless the application has configured a custom error handler. No privileges or user interaction are required, and the impact is on availability only, which is what the CVSS vector expresses.
Recommendations: Upgrade Mercurius to version 8.11.2 or later. If an immediate upgrade is not possible, configure a custom error handler (the plugin's errorHandler option) so that the parsing failure is turned into an error response instead of being left to the default error path; treat this as a temporary workaround, not a fix.
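The weakness class behind this advisory is an exceptional condition on the request (a POST body that is not valid JSON, or valid JSON of the wrong shape) that the request path does not check for, so the resulting error escapes to a default path that cannot deal with it. The following is an added illustration written for this page in plain Node.js with no framework. It is not Mercurius's code and does not reproduce its internal fault path; the request bodies, the BadRequest class and the handler names are constructed for the example. It contrasts a handler that parses the body unchecked with one that validates the body and routes every failure through an error handler returning HTTP 400 with a GraphQL-style errors array, which is the shape of protection a custom error handler provides in the workaround above.

```javascript
// Added example for the failure class behind CVE-2021-43801 (improper check for
// an exceptional condition on body parsing). Constructed illustration: this is
// NOT mercurius's code and does not reproduce its internal fault path.

// Constructed request bodies for the /graphql POST endpoint.
const VALID_BODY     = '{"query":"{ __typename }","variables":null}';
const TRUNCATED_BODY = '{"query":"{ __typename }"';   // malformed: closing brace missing
const WRONG_SHAPE    = '["not","an","object"]';        // valid JSON, not an object
const NO_QUERY       = '{"variables":{"id":1}}';       // object without a query field

// Vulnerable pattern: the handler assumes the body is well-formed JSON with the
// expected shape. JSON.parse throws SyntaxError on malformed input and the
// property access throws TypeError on the wrong shape. Either escapes the
// handler; in a server whose default error path cannot handle it, that is an
// unhandled exception, i.e. the denial of service the advisory describes.
function handleUnchecked(rawBody) {
  const body = JSON.parse(rawBody);
  const query = body.query.trim();
  return { status: 200, body: { data: { operation: query } } };
}

// Hardened pattern: every exceptional condition is checked and mapped to a
// client error. The handler itself never throws.
class BadRequest extends Error {}

function parseGraphqlBody(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    throw new BadRequest('Body is not valid JSON');
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new BadRequest('Body must be a JSON object');
  }
  if (typeof body.query !== 'string' || body.query.trim() === '') {
    throw new BadRequest('Field "query" must be a non-empty string');
  }
  if (body.variables !== undefined && body.variables !== null &&
      (typeof body.variables !== 'object' || Array.isArray(body.variables))) {
    throw new BadRequest('Field "variables" must be an object or null');
  }
  if (body.operationName !== undefined && body.operationName !== null &&
      typeof body.operationName !== 'string') {
    throw new BadRequest('Field "operationName" must be a string');
  }
  return body;
}

// Error handler: the single place that turns any thrown error into a response.
// Client faults become 400 with a GraphQL-style errors array; anything else
// becomes an opaque 500 so parser messages and stack traces are not echoed.
function errorHandler(err) {
  if (err instanceof BadRequest) {
    return { status: 400, body: { errors: [{ message: err.message }] } };
  }
  return { status: 500, body: { errors: [{ message: 'Internal Server Error' }] } };
}

function handleChecked(rawBody) {
  try {
    const body = parseGraphqlBody(rawBody);
    return { status: 200, body: { data: { operation: body.query.trim() } } };
  } catch (err) {
    return errorHandler(err);
  }
}

// Runs both handlers on one body and records whether the exception escaped
// (the crash outcome) or was converted into a response.
function compare(rawBody) {
  let unchecked;
  try {
    unchecked = { escaped: false, status: handleUnchecked(rawBody).status };
  } catch (err) {
    unchecked = { escaped: true, error: err.constructor.name };
  }
  const checked = handleChecked(rawBody);
  return { unchecked, checked: { escaped: false, status: checked.status } };
}

if (typeof require !== 'undefined' && require.main === module) {
  const bodies = { VALID_BODY, TRUNCATED_BODY, WRONG_SHAPE, NO_QUERY };
  for (const [name, raw] of Object.entries(bodies)) {
    console.log(name, JSON.stringify(compare(raw)));
  }
}
```

Running the file prints, for each constructed body, whether the exception escaped the unchecked handler and what the checked handler returned instead. To confirm that an affected deployment has been upgraded or has a working custom error handler, send the truncated body to /graphql in a test environment and verify that the service answers with an error response and stays up.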

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2021-43801
GHSA-273R-RM8G-7F3X

Affected Products

Fastify
Mercurius