CVE-2023-22477

Name of the Vulnerable Software and Affected Versions Mercurius versions prior to 11.5.0

Description Mercurius is a GraphQL adapter for Fastify. The issue allows for a denial of service attack by sending a malformed packet over WebSocket to "/graphql". This can affect any users of Mercurius.

Recommendations For versions prior to 11.5.0, update to version 11.5.0 or apply the patch from https://github.com/mercurius-js/mercurius/pull/940. As a temporary workaround, consider disabling subscriptions to minimize the risk of exploitation.