Advisories for Cargo/Juniper package

2022

Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow

GraphQL behaviour

Nested fragments in GraphQL can be quite hard to handle, depending on the implementation language. Some languages natively support a maximum recursion depth. However, in most compiled languages, you should add a recursion threshold.

    # Infinite loop example
    query {
      ...a
    }

    fragment a on Query {
      ...b
    }

    fragment b on Query {
      ...a
    }

POC TLDR

With max_size being the number of nested fragments generated. …