CVE-2022-37734
- Source
- https://cve.org/CVERecord?id=CVE-2022-37734
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37734.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-37734
- Aliases
- Published
- 2022-09-12T14:15:09.047Z
- Modified
- 2026-02-05T08:29:52.919987Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
- References
-
- https://github.com/graphql-java/graphql-java/discussions/2958
- https://github.com/graphql-java/graphql-java/issues/2888
- https://github.com/graphql-java/graphql-java/pull/2892
- https://github.com/graphql-java/graphql-java/releases
- https://github.com/graphql-java/graphql-java/issues/2888
- https://github.com/graphql-java/graphql-java/discussions/2958
- https://github.com/graphql-java/graphql-java/issues/2888
- https://github.com/graphql-java/graphql-java/pull/2892
- https://github.com/graphql-java/graphql-java/pull/2892
Affected packages
Git / github.com/graphql-java/graphql-java
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-16e12776",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java",
"function": "ParserOptions"
},
"digest": {
"function_hash": "93775340063257576420437176830502435027",
"length": 189.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-19827c25",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java",
"function": "setDefaultParserOptions"
},
"digest": {
"function_hash": "242272474405081194120937899803989509873",
"length": 90.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-1e893038",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "parseImpl"
},
"digest": {
"function_hash": "83300036397416521057968837677396436291",
"length": 1745.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-202b4492",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java"
},
"digest": {
"line_hashes": [
"219051450667633530325972259183476636202",
"159860157226825233425246470157035042621",
"277450800966874846292885573556101140245",
"101339871423569255412716454532850297876",
"297478578909588886534657724535513718703",
"13089976929769259490571353488007124246",
"226352509736956798646080091093394892038",
"315092557732735355263430210676035102520",
"149947001113437305816686791808034366427",
"209181306615889711168565746838297879554",
"326291010190581536729631171048085641226",
"7242941642384514760726877197212299557",
"169922511017678912856526749044780534862",
"265214821886774428350857894624587062138",
"69255735532305392282397004206905558347",
"205117692056517553686799615685909565701",
"286380236738087775539874019994300481156",
"244991852435192034088635911186658984221",
"223955027114473500490738497294632818900",
"154597769096947180409040544699680481399",
"29192066853329074634136572598087372049",
"27060173481944663158377812193647845973",
"120231863196888582028585360630482533432",
"272595492006957907172763403211919323408",
"114011131880908954308958035697786631443",
"154476923918938244953928671974036740011",
"51871251903463654237346166175549868526",
"326514695998167875028208243928668609903",
"50675573939680441111638279132721641539",
"132747338018992063484214645278964739591",
"61616143660020220903382064222456939397",
"33316381970584628168118177965470166810",
"252631831990619783884389703062785059467",
"233143813769244316183080388594191138820",
"330910545039998857282262252204816642542",
"219730533286478054623697064530397488817",
"93671693294601059361079913771854842756",
"308172772221908155915528632203960677664",
"210738680218017735836369161340094401420",
"152017923807475988241759782297419553919",
"335670201368948803720098520808311088959"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-27f71181",
"target": {
"file": "src/main/java/graphql/ParseAndValidate.java",
"function": "parse"
},
"digest": {
"function_hash": "323716056625519185697603535748923675579",
"length": 371.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-286ddd5c",
"target": {
"file": "src/main/java/graphql/ParseAndValidate.java",
"function": "parse"
},
"digest": {
"function_hash": "3179399893020793862454169747201502685",
"length": 441.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-31f81273",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java",
"function": "ParserOptions"
},
"digest": {
"function_hash": "4768258003780937161808736331549882024",
"length": 299.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-32fb2bac",
"target": {
"file": "src/main/java/graphql/schema/idl/SchemaParser.java",
"function": "parseImpl"
},
"digest": {
"function_hash": "138139050151634242939473446555368747249",
"length": 353.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-4729b896",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "visitTerminal"
},
"digest": {
"function_hash": "295121292333006304309866478224261265416",
"length": 836.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-48df8f17",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java",
"function": "Builder"
},
"digest": {
"function_hash": "4768258003780937161808736331549882024",
"length": 299.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-4d8a3d98",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java"
},
"digest": {
"line_hashes": [
"327313528772033852769138767045862315128",
"38224152990341321802760842872650408722",
"50542859188469550587409440945614843861",
"274604519602800115133939040384325617121",
"55390905972230360398103258584810948981",
"271183398574206198162774322637663772383",
"259751934798734590057682613008442020894",
"246986743572428410552306757524808685648",
"64854474599643194799614141488224139323",
"199413608477023866508311530228751477760",
"151568425059874139309352663224459445100",
"112705530689392205078957767109990188129",
"132481726129969556431176651074592288847",
"115042811434315144026467708874868365155",
"272221780836295962255405953184159312723",
"222316103812229908315685198011392002219",
"248900440263277729422606665591361717655",
"298572792697906867719504168729246833396",
"117764067224015025876405603189739045230",
"63621848100980322416734798000413154781",
"169547964225277905151142434049566415409",
"116199640044568161228877738163307222376"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-585fc23d",
"target": {
"file": "src/main/java/graphql/schema/idl/SchemaParser.java"
},
"digest": {
"line_hashes": [
"307181059479443774914007982784567247247",
"309000824723211827208997559430837087064",
"333188367749133571961289750731232656362",
"109961255255314114844671506027463322562"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-5ffe9dec",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java"
},
"digest": {
"line_hashes": [
"231317867431027672454435376203271319778",
"258836306957640166998387823613388202721",
"279790613970337322458291960644857280394",
"200015203361077272538909783775785747609",
"205489744594438209449590621758389532312",
"19476943207368227821352799485658794877",
"231228673773969442536304582333381860664",
"300726457451543713804695850602605994504",
"272501136078590120716060014524250993019",
"41465275300180062784040304922468942636",
"149947001113437305816686791808034366427",
"209181306615889711168565746838297879554",
"326291010190581536729631171048085641226",
"9181771293891077597982346838205150911",
"239963062720764187558554953321430405935",
"27627219914879921622339016121365065845",
"10021165533603323610541664016683751057",
"144735760745577827917645206352927009027",
"141838475747838328448319653495519225643",
"225132642712615008413759051320494204109",
"166940260421749952511086179725923257397",
"321965589026147697180297392702644052834",
"159109968627392100733547977476632487759",
"306293743307762265430374828072452280222",
"117090957886447440791103723384359496828",
"71832764568475348893008338833819646664",
"301347195927780922252540163058014771161",
"6494659158953867478143511918870830720",
"263675226008663402919642860175877867334",
"337287212332216094383345629853444856768",
"312018734226524565074960012388426747026",
"51871251903463654237346166175549868526",
"22104538293247937202215186492606163450",
"37793481901245533217953790822510391561",
"70151371328435594289928652107717301375",
"286511629820410907763634315548990595444",
"247868764764255969239659809353361411477",
"267145490618112151045785597562336619584",
"129489041032544141626497038633758346496",
"175984641097863824014702241520319932628",
"235798614766532142042299786295922605949",
"323565472056076064323226790877949563832",
"181601915728943091169547316673835997631",
"243930357275511385670238708335117352638",
"185958867947281037346175786420803175493",
"190880896003208468275367352475659508114",
"232095943173328470026441086212303947449",
"197776538082931723413575739534562211933",
"221602218302271348297814065345045431224",
"117167603300051093555899489990376710333",
"19360163883863100654519157062032647181",
"276726009393873248976542950838164435372"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-61da9b8b",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
"function": "addIgnoredChars"
},
"digest": {
"function_hash": "135359001098883070222183516224908804118",
"length": 475.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-6540c045",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
"function": "addIgnoredChars"
},
"digest": {
"function_hash": "135359001098883070222183516224908804118",
"length": 475.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-663c6584",
"target": {
"file": "src/main/java/graphql/parser/Parser.java"
},
"digest": {
"line_hashes": [
"115867567869463879279527014499888349822",
"48951013704344190133274526944485182192",
"266820648630310748044451899314515875437",
"116101924031770295309119577475575721816",
"139300129402595280102683314494486928069",
"64725170757179767237551196184760144427",
"178542823560370660826503505666770655759",
"240299546043160802574510017775234258911",
"118170366461290685672368725021919309107",
"107717720359169909590173805425541857538",
"231373125843461325698614127761047825798",
"261794225263453175705330016889677757428",
"136867268093016885417346125873330683198",
"327355066880643499099749122521729511673",
"160372056191326273553434499101877274283",
"129867535219776486677903191099905286302",
"337424634277556993606054984692787026960",
"188187613005022359222304577858171913873",
"116375019267916270907004702684808044857",
"261090963569831226029775311851984344349",
"183463033378433744877842667945866995908",
"209642402691995345608912351558526236436",
"87905371709818369655208666056243940825",
"21155586188270923203314999408382070740",
"309845019958237845687328390800258670777",
"320115930316789962798056712538784004317",
"251239448787545458290179002400865518299",
"178141823269753667453735617479298620831"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-702d01ac",
"target": {
"file": "src/main/java/graphql/schema/idl/SchemaParser.java"
},
"digest": {
"line_hashes": [
"307181059479443774914007982784567247247",
"309000824723211827208997559430837087064",
"333188367749133571961289750731232656362",
"109961255255314114844671506027463322562"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-7370b163",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "setupParserListener"
},
"digest": {
"function_hash": "6758193916495697456894287241643119638",
"length": 824.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-7b876534",
"target": {
"file": "src/main/java/graphql/ParseAndValidate.java"
},
"digest": {
"line_hashes": [
"118465720260490588150083412730448499683",
"266988900597722288166088534587184027168",
"112448572650040968839409030957199215774",
"250413485999558196417787313571713215486",
"324866431856175697198406020250903499812",
"1315691986785545464202561693103567367",
"239191736441161835876512763005144929077",
"28416880140610312629523915120235014605",
"57437989763594644086002126859596044990",
"155002159058041262366379930811896460105",
"254930007877439132478537315565845919213",
"194671155646375777850144009100203847307",
"297138513704804790974890549626036172956",
"326193645860985061885395548563356006846"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-7e615c97",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
"function": "GraphqlAntlrToLanguage"
},
"digest": {
"function_hash": "302035541223276456248278913968872789194",
"length": 164.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-aaa63740",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "parseImpl"
},
"digest": {
"function_hash": "83300036397416521057968837677396436291",
"length": 1745.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-b4217b07",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java"
},
"digest": {
"line_hashes": [
"327313528772033852769138767045862315128",
"38224152990341321802760842872650408722",
"50542859188469550587409440945614843861",
"274604519602800115133939040384325617121",
"55390905972230360398103258584810948981",
"91941806600820028590257777285642070965",
"97086930469936168149929400378204827139",
"56934985635682979297352336140116327379",
"14679829767104580172158481469953772801",
"64854474599643194799614141488224139323",
"199413608477023866508311530228751477760",
"151568425059874139309352663224459445100",
"112705530689392205078957767109990188129",
"132481726129969556431176651074592288847",
"115042811434315144026467708874868365155",
"272221780836295962255405953184159312723",
"222316103812229908315685198011392002219",
"248900440263277729422606665591361717655",
"298572792697906867719504168729246833396",
"117764067224015025876405603189739045230",
"63621848100980322416734798000413154781",
"169547964225277905151142434049566415409",
"116199640044568161228877738163307222376"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-cf2a409c",
"target": {
"file": "src/main/java/graphql/schema/idl/SchemaParser.java",
"function": "parseImpl"
},
"digest": {
"function_hash": "138139050151634242939473446555368747249",
"length": 353.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-cf7322f7",
"target": {
"file": "src/main/java/graphql/parser/ParserOptions.java",
"function": "Builder"
},
"digest": {
"function_hash": "93775340063257576420437176830502435027",
"length": 189.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-d1d6d3fe",
"target": {
"file": "src/main/java/graphql/parser/GraphqlAntlrToLanguage.java",
"function": "GraphqlAntlrToLanguage"
},
"digest": {
"function_hash": "302035541223276456248278913968872789194",
"length": 164.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-d5113273",
"target": {
"file": "src/main/java/graphql/ParseAndValidate.java"
},
"digest": {
"line_hashes": [
"28488548067060973461254977336150724237",
"299031158789173925009376432701053404290",
"219728341618800179467319528834817417029",
"297858491793131252796298523095256730258",
"159919717998098738973607062984604028937",
"5483690310555589642643325485434284953",
"294419654474023654577169395123009313351"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-da25d03d",
"target": {
"file": "src/main/java/graphql/parser/Parser.java"
},
"digest": {
"line_hashes": [
"115867567869463879279527014499888349822",
"48951013704344190133274526944485182192",
"266820648630310748044451899314515875437",
"116101924031770295309119577475575721816",
"139300129402595280102683314494486928069",
"64725170757179767237551196184760144427",
"178542823560370660826503505666770655759",
"240299546043160802574510017775234258911",
"118170366461290685672368725021919309107",
"107717720359169909590173805425541857538",
"231373125843461325698614127761047825798",
"261794225263453175705330016889677757428",
"272522729430044705388557687013535291055",
"304930391975417100021342451044407081866",
"52900104041536220342184440953426345718",
"180995468988723416961152588154911166338",
"327355066880643499099749122521729511673",
"160372056191326273553434499101877274283",
"91862748904144811656096990766505828699",
"227318968818519575725425044714159761395",
"93493621141663096712459318803432231974",
"13556988027510616162428986635045177918",
"276026306310097071525384262766121329532",
"164196293541947006480289212693081826542",
"209642402691995345608912351558526236436",
"87905371709818369655208666056243940825",
"21155586188270923203314999408382070740",
"309845019958237845687328390800258670777",
"320115930316789962798056712538784004317",
"251239448787545458290179002400865518299",
"178141823269753667453735617479298620831"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/0256fd0627148e5b71218e424c310f48b066a041",
"id": "CVE-2022-37734-f1aed050",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "setupParserListener"
},
"digest": {
"function_hash": "100078905081987773199552626884362218768",
"length": 1222.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/graphql-java/graphql-java/commit/cb88645bec5778c1a90f81e58bd394bdc605c166",
"id": "CVE-2022-37734-f45d01c5",
"target": {
"file": "src/main/java/graphql/parser/Parser.java",
"function": "visitTerminal"
},
"digest": {
"function_hash": "321523436238932591369077871199737231508",
"length": 513.0
},
"signature_type": "Function",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37734.json"