OSV-2025-436

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/graphql-java/OSV-2025-436.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-436
Published
2025-06-05T00:11:24.382209Z
Modified
2025-06-05T00:11:24.382444Z
Summary
Security exception in graphql.parser.GraphqlAntlrToLanguage.createNonNullType
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=422217211

Crash type: Security exception
Crash state:
graphql.parser.GraphqlAntlrToLanguage.createNonNullType
graphql.parser.GraphqlAntlrToLanguage.createType
graphql.parser.GraphqlAntlrToLanguage.createListType
References

Affected packages

OSS-Fuzz / graphql-java

Package

Name
graphql-java
Purl
pkg:generic/graphql-java

Affected ranges

Type
GIT
Repo
https://github.com/graphql-java/graphql-java
Events

Affected versions

25.*
25.0.beta-1
v22.*
v22.0
v22.1
v22.2
v22.3
v22.4
v23.*
v23.0
v23.1
v24.*
v24.0
v24.1
v24.2
v25.*
v25.0-beta-3
v25.0.beta-2
v25.0.beta-4
v25.0.beta-5

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

fixed_range
"bf6c50a12dde38c1c91a17ecc086137a6f0f5113:9c927258ecbf5befa9990c134deb752835bcee9d"
introduced_range
"ef846bf7a25a4deb8e860c3be2003968c9fcc493:0bc0845f18c33af5859288ce15244e804a92fc2c"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/graphql-java/OSV-2025-436.yaml"