CVE-2023-49559: gqlparser denial of service vulnerability via the parserDirectives function
An issue in the vektah gqlparser open-source library v2.5.10 allows a remote attacker to cause a denial of service via a crafted script passed to the parserDirectives function.
References
- gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
- github.com/99designs/gqlgen/issues/3118
- github.com/advisories/GHSA-2hmf-46v7-v6fx
- github.com/vektah/gqlparser
- github.com/vektah/gqlparser/blob/master/parser/query.go
- github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977
- nvd.nist.gov/vuln/detail/CVE-2023-49559