PT-2022-24054 · Unknown · Graphql-Java
Act1On3 · Published 2022-09-12 · Updated 2024-06-14 · CVE-2022-37734
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
graphql-java versions prior to 19.0
graphql-java version 18.3
graphql-java version 17.4
Description
The vulnerability allows an attacker to send a crafted GraphQL query that consumes excessive CPU resources, leading to a denial of service. The attack targets graphql-java's query-processing functionality: crafted queries overwhelm the system's resources while being processed.
Recommendations
For versions prior to 19.0, update to version 19.0 or later.
For version 18.3, no additional action is required as it is a fixed version.
For version 17.4, no additional action is required as it is a fixed version.
As a temporary workaround, consider restricting the GraphQL queries the service accepts, to minimize the risk of exploitation.
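As an added illustration of the "restrict the queries the service accepts" workaround (example code written for this page, not from the advisory or the graphql-java project), the following wires graphql-java's existing query-depth and query-complexity instrumentation into a toy schema and also caps the number of tokens the parser will accept. The schema, the limits (depth 10, complexity 200, 5000 tokens) and the sample queries are constructed here; the assumption that `ParserOptions.maxTokens` is available on 19.0 and later is mine, not a statement from the advisory.

```java
import graphql.ExecutionResult;
import graphql.GraphQL;
import graphql.analysis.MaxQueryComplexityInstrumentation;
import graphql.analysis.MaxQueryDepthInstrumentation;
import graphql.execution.instrumentation.ChainedInstrumentation;
import graphql.parser.ParserOptions;
import graphql.schema.GraphQLSchema;
import graphql.schema.idl.RuntimeWiring;
import graphql.schema.idl.SchemaGenerator;
import graphql.schema.idl.SchemaParser;
import graphql.schema.idl.TypeDefinitionRegistry;

import java.util.List;
import java.util.Map;

public class BoundedGraphQL {

    // Constructed toy schema for the example; not taken from the advisory.
    private static final String SDL =
        "type Query { me: User }\n" +
        "type User { id: ID, name: String, friends: [User] }\n";

    public static GraphQL build() {
        TypeDefinitionRegistry registry = new SchemaParser().parse(SDL);
        RuntimeWiring wiring = RuntimeWiring.newRuntimeWiring()
            .type("Query", t -> t.dataFetcher("me",
                env -> Map.of("id", "1", "name", "alice")))
            .build();
        GraphQLSchema schema = new SchemaGenerator().makeExecutableSchema(registry, wiring);

        // Bound the parser: reject any document with more than 5000 tokens
        // before it is parsed in full. Assumption: maxTokens exists on 19.0+.
        ParserOptions.setDefaultParserOptions(
            ParserOptions.newParserOptions().maxTokens(5_000).build());

        // Bound execution: reject queries nested deeper than 10 levels or
        // whose field-count complexity exceeds 200, before any data fetching.
        return GraphQL.newGraphQL(schema)
            .instrumentation(new ChainedInstrumentation(List.of(
                new MaxQueryDepthInstrumentation(10),
                new MaxQueryComplexityInstrumentation(200))))
            .build();
    }

    public static void main(String[] args) {
        GraphQL graphQL = build();

        // A legitimate, shallow query passes both limits.
        ExecutionResult ok = graphQL.execute("{ me { id name } }");
        System.out.println("shallow query errors: " + ok.getErrors());

        // A constructed 20-level-deep query is refused by the depth limit;
        // the error list is non-empty and no resolvers run.
        StringBuilder deep = new StringBuilder("{ me ");
        for (int i = 0; i < 20; i++) deep.append("{ friends ");
        deep.append("{ id }");
        for (int i = 0; i < 20; i++) deep.append(" }");
        deep.append(" }");
        ExecutionResult rejected = graphQL.execute(deep.toString());
        System.out.println("deep query errors: " + rejected.getErrors());
    }
}
```

Run this with graphql-java on the classpath; the first query returns data with no errors, while the nested one is rejected with a depth-limit error before execution. Limits like these complement, rather than replace, upgrading to a fixed version.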
Exploit
Fix
Resource Exhaustion
Affected Products
Graphql-Java