Vulnerability Details CVE-2023-28867
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/graphql-java/graphql-java/pull/3112
- https://github.com/graphql-java/graphql-java/releases/tag/v17.5
- https://github.com/graphql-java/graphql-java/releases/tag/v18.4
- https://github.com/graphql-java/graphql-java/releases/tag/v19.4
- https://github.com/graphql-java/graphql-java/releases/tag/v20.1
- https://github.com/graphql-java/graphql-java/pull/3112
- https://github.com/graphql-java/graphql-java/releases/tag/v17.5
- https://github.com/graphql-java/graphql-java/releases/tag/v18.4
- https://github.com/graphql-java/graphql-java/releases/tag/v19.4
- https://github.com/graphql-java/graphql-java/releases/tag/v20.1
Products affected by CVE-2023-28867
-
cpe:2.3:a:graphql-java:graphql-java:-
-
cpe:2.3:a:graphql-java:graphql-java:1.0
-
cpe:2.3:a:graphql-java:graphql-java:1.2
-
cpe:2.3:a:graphql-java:graphql-java:1.3
-
cpe:2.3:a:graphql-java:graphql-java:10.0
-
cpe:2.3:a:graphql-java:graphql-java:11.0
-
cpe:2.3:a:graphql-java:graphql-java:12.0
-
cpe:2.3:a:graphql-java:graphql-java:13.0
-
cpe:2.3:a:graphql-java:graphql-java:14.0
-
cpe:2.3:a:graphql-java:graphql-java:14.1
-
cpe:2.3:a:graphql-java:graphql-java:15.0
-
cpe:2.3:a:graphql-java:graphql-java:16.0
-
cpe:2.3:a:graphql-java:graphql-java:16.1
-
cpe:2.3:a:graphql-java:graphql-java:16.2
-
cpe:2.3:a:graphql-java:graphql-java:17.0
-
cpe:2.3:a:graphql-java:graphql-java:17.1
-
cpe:2.3:a:graphql-java:graphql-java:17.2
-
cpe:2.3:a:graphql-java:graphql-java:17.3
-
cpe:2.3:a:graphql-java:graphql-java:17.4
-
cpe:2.3:a:graphql-java:graphql-java:18.0
-
cpe:2.3:a:graphql-java:graphql-java:18.1
-
cpe:2.3:a:graphql-java:graphql-java:18.2
-
cpe:2.3:a:graphql-java:graphql-java:18.3
-
cpe:2.3:a:graphql-java:graphql-java:19.0
-
cpe:2.3:a:graphql-java:graphql-java:19.1
-
cpe:2.3:a:graphql-java:graphql-java:19.2
-
cpe:2.3:a:graphql-java:graphql-java:19.3
-
cpe:2.3:a:graphql-java:graphql-java:2.0.0
-
cpe:2.3:a:graphql-java:graphql-java:2.1.0
-
cpe:2.3:a:graphql-java:graphql-java:2.2.0
-
cpe:2.3:a:graphql-java:graphql-java:2.3.0
-
cpe:2.3:a:graphql-java:graphql-java:2.4.0
-
cpe:2.3:a:graphql-java:graphql-java:20.0
-
cpe:2.3:a:graphql-java:graphql-java:3.0.0
-
cpe:2.3:a:graphql-java:graphql-java:4.0
-
cpe:2.3:a:graphql-java:graphql-java:4.1
-
cpe:2.3:a:graphql-java:graphql-java:4.2
-
cpe:2.3:a:graphql-java:graphql-java:5.0
-
cpe:2.3:a:graphql-java:graphql-java:6.0
-
cpe:2.3:a:graphql-java:graphql-java:7.0
-
cpe:2.3:a:graphql-java:graphql-java:8.0
-
cpe:2.3:a:graphql-java:graphql-java:9.0
-
cpe:2.3:a:graphql-java:graphql-java:9.1
-
cpe:2.3:a:graphql-java:graphql-java:9.2
-
cpe:2.3:a:graphql-java:graphql-java:9.3
-
cpe:2.3:a:graphql-java:graphql-java:9.4
-
cpe:2.3:a:graphql-java:graphql-java:9.5
-
cpe:2.3:a:graphql-java:graphql-java:9.6
-
cpe:2.3:a:graphql-java:graphql-java:9.7