CVE-2023-28867
Published Mar 27, 2023
Last updated 2 years ago
Overview
- Description: In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
Weaknesses
- nvd@nist.gov: CWE-770
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:graphql-java:graphql-java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69FCAB99-DF08-4B03-9FBC-9621BF9C0820",
            "versionEndExcluding": "17.5"
          },
          {
            "criteria": "cpe:2.3:a:graphql-java:graphql-java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A5880A2-BC5A-48B3-9916-91CA7DA48C48",
            "versionEndExcluding": "18.4",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:a:graphql-java:graphql-java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45943F35-6801-451B-BC93-0FF9533290BD",
            "versionEndExcluding": "19.4",
            "versionStartIncluding": "19.0"
          },
          {
            "criteria": "cpe:2.3:a:graphql-java:graphql-java:20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A9F6EBC-5C0B-4816-949E-E3AD77343984"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]