Vulnerability

CVE-2023-49559

 Report advisory or correction

CVSS Score 6.9 medium

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770

References

https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49559

[CVE-2023-49559] CWE-770: Allocation of Resources Without Limits or Throttling

Description

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.

See github.com/vektah/gqlparser package information