Advisories for Maven/Org.typelevel/Grackle-Core_sjs1_3 package

2023

Grackle has StackOverflowError in GraphQL query processing

Impact Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. [!CAUTION] No specific knowledge of an application's GraphQL schema would be required to construct a pathological query. Patches The stack overflow issues have been resolved in the v0.18.0 release of …