Vulnerability Details CVE-2022-31173
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28
- https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb
- https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22
- https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j
- https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28
- https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb
- https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22
- https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j
Products affected by CVE-2022-31173
-
cpe:2.3:a:juniper_project:juniper:0.11.0
-
cpe:2.3:a:juniper_project:juniper:0.11.1
-
cpe:2.3:a:juniper_project:juniper:0.13.1
-
cpe:2.3:a:juniper_project:juniper:0.14.0
-
cpe:2.3:a:juniper_project:juniper:0.14.1
-
cpe:2.3:a:juniper_project:juniper:0.14.2
-
cpe:2.3:a:juniper_project:juniper:0.15.0
-
cpe:2.3:a:juniper_project:juniper:0.15.1
-
cpe:2.3:a:juniper_project:juniper:0.15.2
-
cpe:2.3:a:juniper_project:juniper:0.15.3
-
cpe:2.3:a:juniper_project:juniper:0.15.4
-
cpe:2.3:a:juniper_project:juniper:0.15.5
-
cpe:2.3:a:juniper_project:juniper:0.15.6
-
cpe:2.3:a:juniper_project:juniper:0.15.7
-
cpe:2.3:a:juniper_project:juniper:0.15.8
-
cpe:2.3:a:juniper_project:juniper:0.15.9
-
cpe:2.3:a:juniper_project:juniper:0.5.0
-
cpe:2.3:a:juniper_project:juniper:0.5.1
-
cpe:2.3:a:juniper_project:juniper:0.5.2
-
cpe:2.3:a:juniper_project:juniper:0.5.3
-
cpe:2.3:a:juniper_project:juniper:0.6.0
-
cpe:2.3:a:juniper_project:juniper:0.6.1
-
cpe:2.3:a:juniper_project:juniper:0.6.2
-
cpe:2.3:a:juniper_project:juniper:0.6.3
-
cpe:2.3:a:juniper_project:juniper:0.7.0
-
cpe:2.3:a:juniper_project:juniper:0.8.0
-
cpe:2.3:a:juniper_project:juniper:0.8.1
-
cpe:2.3:a:juniper_project:juniper:0.9.0
-
cpe:2.3:a:juniper_project:juniper:0.9.1
-
cpe:2.3:a:juniper_project:juniper:0.9.2