CVE-2026-30241
- EPSS 0.02%
- Published 06.03.2026 21:15:33
- Last modified 12.03.2026 15:16:45
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries ...
CVE-2025-64166
- EPSS 0.01%
- Published 05.03.2026 15:31:45
- Last modified 13.03.2026 18:05:06
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content...
CVE-2023-22477
- EPSS 0.25%
- Published 09.01.2023 15:15:11
- Last modified 21.11.2024 07:44:53
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can...
- EPSS 0.37%
- Published 13.12.2021 20:15:07
- Last modified 21.11.2024 06:29:49
Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed...