PT-2024-32674 · Unknown · Async-Graphql
Published 2024-10-03 · Updated 2026-05-06
CVE-2024-47614
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
async-graphql versions prior to 7.0.10
Description
async-graphql, a GraphQL server library implemented in Rust, does not limit the number of directives on a field. This can lead to service disruption, resource exhaustion, and degraded user experience.
Recommendations
For versions prior to 7.0.10, upgrade to v7.0.10 or use SchemaBuilder.limit_directives to limit the maximum number of directives for a single field.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Async-Graphql