CVE-2023-26144

Name of the Vulnerable Software and Affected Versions graphql versions 16.3.0 through 16.8.1

Description The issue is related to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This allows an attacker to degrade system performance. It was not proven that this vulnerability can crash the process.

Recommendations For versions 16.3.0 through 16.8.1, consider updating to a version after 16.8.1 to resolve the issue. As a temporary workaround, consider restricting the size of queries to prevent large queries from being parsed.