CVE-2022-31173

Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28	Release Notes Third Party Advisory
https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb	Patch Third Party Advisory
https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22	Patch Third Party Advisory
https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:juniper_project:juniper:*:*:*:*:*:rust:*:*

History

24 Jul 2023, 13:08

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-674

08 Aug 2022, 15:24

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:juniper_project:juniper::::::rust::*
References	~~(MISC) https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 -~~	(MISC) https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 - Release Notes, Third Party Advisory
References	~~(MISC) https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb -~~	(MISC) https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb - Patch, Third Party Advisory
References	~~(CONFIRM) https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j -~~	(CONFIRM) https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j - Exploit, Third Party Advisory
References	~~(MISC) https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 -~~	(MISC) https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 - Patch, Third Party Advisory
First Time		Juniper Project Juniper Project juniper

01 Aug 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-01 19:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-31173

Mitre link : CVE-2022-31173

CVE.ORG link : CVE-2022-31173

JSON object : View

Products Affected

juniper_project

juniper

CWE

CWE-674

Uncontrolled Recursion

CWE-400

Uncontrolled Resource Consumption

7.5 /10