CVE-2022-30288

Name of the Vulnerable Software and Affected Versions Agoo versions prior to 2.14.3

Description The issue arises when Agoo does not reject GraphQL fragment spreads that form cycles, which can lead to an application crash. It has been disputed by the vendor, who claims it is not the server's responsibility to enforce all the various ways a developer could write code with logic errors.

Recommendations For versions prior to 2.14.3, update to version 2.14.3 or later to resolve the issue. As a temporary workaround, consider implementing logic to detect and prevent GraphQL fragment spreads that form cycles.