CVE-2022-37734

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-37734
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37734.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-37734
Aliases
Published
2022-09-12T14:15:09Z
Modified
2025-10-21T07:13:20.790642Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

References

Affected packages

Git / github.com/graphql-java/graphql-java

Affected ranges

Type
GIT
Repo
https://github.com/graphql-java/graphql-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

12.*

12.0

v1.*

v1.0
v1.2
v1.3

v10.*

v10.0

v11.*

v11.0

v12.*

v12.0

v13.*

v13.0

v14.*

v14.0

v15.*

v15.0

v16.*

v16.0
v16.1
v16.2

v17.*

v17.0
v17.0-beta1
v17.0.0-beta1
v17.1
v17.2
v17.3

v2.*

v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0

v3.*

v3.0.0

v4.*

v4.0

v5.*

v5.0

v6.*

v6.0

v7.*

v7.0

v8.*

v8.0

v9.*

v9.0
v9.1
v9.7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "93775340063257576420437176830502435027",
            "length": 189.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/ParserOptions.java",
            "function": "ParserOptions"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-16e12776",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "242272474405081194120937899803989509873",
            "length": 90.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/ParserOptions.java",
            "function": "setDefaultParserOptions"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-19827c25",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "83300036397416521057968837677396436291",
            "length": 1745.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/Parser.java",
            "function": "parseImpl"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-1e893038",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "323716056625519185697603535748923675579",
            "length": 371.0
        },
        "target": {
            "file": "src/main/java/graphql/ParseAndValidate.java",
            "function": "parse"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-27f71181",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "327313528772033852769138767045862315128",
                "38224152990341321802760842872650408722",
                "50542859188469550587409440945614843861",
                "274604519602800115133939040384325617121",
                "55390905972230360398103258584810948981",
                "271183398574206198162774322637663772383",
                "259751934798734590057682613008442020894",
                "246986743572428410552306757524808685648",
                "64854474599643194799614141488224139323",
                "199413608477023866508311530228751477760",
                "151568425059874139309352663224459445100",
                "112705530689392205078957767109990188129",
                "132481726129969556431176651074592288847",
                "115042811434315144026467708874868365155",
                "272221780836295962255405953184159312723",
                "222316103812229908315685198011392002219",
                "248900440263277729422606665591361717655",
                "298572792697906867719504168729246833396",
                "117764067224015025876405603189739045230",
                "63621848100980322416734798000413154781",
                "169547964225277905151142434049566415409",
                "116199640044568161228877738163307222376"
            ]
        },
        "target": {
            "file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-4d8a3d98",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "231317867431027672454435376203271319778",
                "258836306957640166998387823613388202721",
                "279790613970337322458291960644857280394",
                "200015203361077272538909783775785747609",
                "205489744594438209449590621758389532312",
                "19476943207368227821352799485658794877",
                "231228673773969442536304582333381860664",
                "300726457451543713804695850602605994504",
                "272501136078590120716060014524250993019",
                "41465275300180062784040304922468942636",
                "149947001113437305816686791808034366427",
                "209181306615889711168565746838297879554",
                "326291010190581536729631171048085641226",
                "9181771293891077597982346838205150911",
                "239963062720764187558554953321430405935",
                "27627219914879921622339016121365065845",
                "10021165533603323610541664016683751057",
                "144735760745577827917645206352927009027",
                "141838475747838328448319653495519225643",
                "225132642712615008413759051320494204109",
                "166940260421749952511086179725923257397",
                "321965589026147697180297392702644052834",
                "159109968627392100733547977476632487759",
                "306293743307762265430374828072452280222",
                "117090957886447440791103723384359496828",
                "71832764568475348893008338833819646664",
                "301347195927780922252540163058014771161",
                "6494659158953867478143511918870830720",
                "263675226008663402919642860175877867334",
                "337287212332216094383345629853444856768",
                "312018734226524565074960012388426747026",
                "51871251903463654237346166175549868526",
                "22104538293247937202215186492606163450",
                "37793481901245533217953790822510391561",
                "70151371328435594289928652107717301375",
                "286511629820410907763634315548990595444",
                "247868764764255969239659809353361411477",
                "267145490618112151045785597562336619584",
                "129489041032544141626497038633758346496",
                "175984641097863824014702241520319932628",
                "235798614766532142042299786295922605949",
                "323565472056076064323226790877949563832",
                "181601915728943091169547316673835997631",
                "243930357275511385670238708335117352638",
                "185958867947281037346175786420803175493",
                "190880896003208468275367352475659508114",
                "232095943173328470026441086212303947449",
                "197776538082931723413575739534562211933",
                "221602218302271348297814065345045431224",
                "117167603300051093555899489990376710333",
                "19360163883863100654519157062032647181",
                "276726009393873248976542950838164435372"
            ]
        },
        "target": {
            "file": "src/main/java/graphql/parser/ParserOptions.java"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-5ffe9dec",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "135359001098883070222183516224908804118",
            "length": 475.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
            "function": "addIgnoredChars"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-61da9b8b",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "307181059479443774914007982784567247247",
                "309000824723211827208997559430837087064",
                "333188367749133571961289750731232656362",
                "109961255255314114844671506027463322562"
            ]
        },
        "target": {
            "file": "src/main/java/graphql/schema/idl/SchemaParser.java"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-702d01ac",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "6758193916495697456894287241643119638",
            "length": 824.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/Parser.java",
            "function": "setupParserListener"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-7370b163",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "118465720260490588150083412730448499683",
                "266988900597722288166088534587184027168",
                "112448572650040968839409030957199215774",
                "250413485999558196417787313571713215486",
                "324866431856175697198406020250903499812",
                "1315691986785545464202561693103567367",
                "239191736441161835876512763005144929077",
                "28416880140610312629523915120235014605",
                "57437989763594644086002126859596044990",
                "155002159058041262366379930811896460105",
                "254930007877439132478537315565845919213",
                "194671155646375777850144009100203847307",
                "297138513704804790974890549626036172956",
                "326193645860985061885395548563356006846"
            ]
        },
        "target": {
            "file": "src/main/java/graphql/ParseAndValidate.java"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-7b876534",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "302035541223276456248278913968872789194",
            "length": 164.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
            "function": "GraphqlAntlrToLanguage"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-7e615c97",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "138139050151634242939473446555368747249",
            "length": 353.0
        },
        "target": {
            "file": "src/main/java/graphql/schema/idl/SchemaParser.java",
            "function": "parseImpl"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-cf2a409c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "93775340063257576420437176830502435027",
            "length": 189.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/ParserOptions.java",
            "function": "Builder"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-cf7322f7",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115867567869463879279527014499888349822",
                "48951013704344190133274526944485182192",
                "266820648630310748044451899314515875437",
                "116101924031770295309119577475575721816",
                "139300129402595280102683314494486928069",
                "64725170757179767237551196184760144427",
                "178542823560370660826503505666770655759",
                "240299546043160802574510017775234258911",
                "118170366461290685672368725021919309107",
                "107717720359169909590173805425541857538",
                "231373125843461325698614127761047825798",
                "261794225263453175705330016889677757428",
                "272522729430044705388557687013535291055",
                "304930391975417100021342451044407081866",
                "52900104041536220342184440953426345718",
                "180995468988723416961152588154911166338",
                "327355066880643499099749122521729511673",
                "160372056191326273553434499101877274283",
                "91862748904144811656096990766505828699",
                "227318968818519575725425044714159761395",
                "93493621141663096712459318803432231974",
                "13556988027510616162428986635045177918",
                "276026306310097071525384262766121329532",
                "164196293541947006480289212693081826542",
                "209642402691995345608912351558526236436",
                "87905371709818369655208666056243940825",
                "21155586188270923203314999408382070740",
                "309845019958237845687328390800258670777",
                "320115930316789962798056712538784004317",
                "251239448787545458290179002400865518299",
                "178141823269753667453735617479298620831"
            ]
        },
        "target": {
            "file": "src/main/java/graphql/parser/Parser.java"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-da25d03d",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "321523436238932591369077871199737231508",
            "length": 513.0
        },
        "target": {
            "file": "src/main/java/graphql/parser/Parser.java",
            "function": "visitTerminal"
        },
        "source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
        "id": "CVE-2022-37734-f45d01c5",
        "deprecated": false,
        "signature_version": "v1"
    }
]