5.3
CVE-2026-47706
- EPSS 0.3%
- Veröffentlicht 04.06.2026 14:06:48
- Zuletzt bearbeitet 05.06.2026 17:37:58
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginStrawberry GraphQL has a Circular Fragment Reference DOS
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine_depth function enters an infinite recursion, leading to a RecursionError and crashing the validation process. Version 0.315.7 patches the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Strawberry ≫ Strawberry Graphql SwPlatformpython Version >= 0.71.0 < 0.315.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.211 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-qfwv-87qj-98xq
https://github.com/strawberry-graphql/strawberry/releases/tag/0.315.7