GHSA-p4qx-6w5p-4rj2

Source
https://github.com/advisories/GHSA-p4qx-6w5p-4rj2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-p4qx-6w5p-4rj2/GHSA-p4qx-6w5p-4rj2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p4qx-6w5p-4rj2
Aliases
Published
2023-03-27T03:30:16Z
Modified
2023-11-08T04:12:15.496485Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
GraphQL Java vulnerable to stack consumption
Details

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.

References

Affected packages

Maven / com.graphql-java:graphql-java

Package

Name
com.graphql-java:graphql-java
Purl
pkg:maven/com.graphql-java/graphql-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.0.0-2023-03-20T01-49-44-80e3135

Affected versions

Other

vTEST

0.*


Maven / com.graphql-java:graphql-java

Package

Name
com.graphql-java:graphql-java
Purl
pkg:maven/com.graphql-java/graphql-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2
Fixed
17.5

Affected versions

1.*

1.2
1.3

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.4.0

3.*

3.0.0

4.*

4.0
4.1
4.2

5.*

5.0

6.*

6.0

7.*

7.0

8.*

8.0

9.*

9.0-rc1
9.0
9.0-TEST
9.1
9.2
9.3
9.4-rc1
9.4
9.5
9.7

10.*

10.0

11.*

11.0

12.*

12.0

13.*

13.0

14.*

14.0
14.1

15.*

15.0

16.*

16.0
16.1
16.2

17.*

17.0-beta1
17.0.0-beta1
17.0
17.1
17.2
17.3
17.4

Maven / com.graphql-java:graphql-java

Package

Name
com.graphql-java:graphql-java
Purl
pkg:maven/com.graphql-java/graphql-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
18.0
Fixed
18.4

Affected versions

18.*

18.0
18.1
18.2
18.3

Maven / com.graphql-java:graphql-java

Package

Name
com.graphql-java:graphql-java
Purl
pkg:maven/com.graphql-java/graphql-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
19.0
Fixed
19.4

Affected versions

19.*

19.0
19.1
19.2
19.3

Maven / com.graphql-java:graphql-java

Package

Name
com.graphql-java:graphql-java
Purl
pkg:maven/com.graphql-java/graphql-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
20.0
Fixed
20.1

Affected versions

20.*

20.0