7.5
CVE-2022-31173
- EPSS 1.31%
- Veröffentlicht 01.08.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:03
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginJuniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Juniper Project ≫ Juniper SwPlatformrust Version < 0.15.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.668 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28
https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb
https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22
https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j