Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.
References
Link | Resource |
---|---|
https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 | Release Notes Third Party Advisory |
https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb | Patch Third Party Advisory |
https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 | Patch Third Party Advisory |
https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j | Exploit Third Party Advisory |
Configurations
History
24 Jul 2023, 13:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-674 |
08 Aug 2022, 15:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:juniper_project:juniper:*:*:*:*:*:rust:*:* | |
References | (MISC) https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 - Patch, Third Party Advisory | |
First Time |
Juniper Project
Juniper Project juniper |
01 Aug 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-01 19:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31173
Mitre link : CVE-2022-31173
CVE.ORG link : CVE-2022-31173
JSON object : View
Products Affected
juniper_project
- juniper