PT-2024-28780 · Unknown · Graphql-Java
Published: 2024-07-30 · Updated: 2026-05-18 · CVE-2024-40094
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
GraphQL Java versions prior to 21.5
GraphQL Java version 20.9
GraphQL Java version 19.11
Description
GraphQL Java does not properly take ExecutableNormalizedFields (ENFs) into account when enforcing its protections against denial of service via introspection queries. As a result, introspection queries can be used to cause a denial of service.
Recommendations
For versions prior to 21.5, update to version 21.5 or later to resolve the issue.
Version 20.9 is a fixed version; no additional action is required.
Version 19.11 is a fixed version; no additional action is required.
Fix
Weakness Enumeration
Allocation of Resources Without Limits
Related Identifiers
CVE-2024-40094
Affected Products
Graphql-Java