CVE-2022-30288

Uncontrolled Resource Consumption in gem/agoo

Identifiers

CVE-2022-30288

Package Slug

gem/agoo

Vulnerability

Uncontrolled Resource Consumption

Description

Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors.

Affected Versions

All versions before 2.14.3

Solution

Upgrade to version 2.14.3 or above.

Last Modified

2023-11-08

source