Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions.
References
Link | Resource |
---|---|
https://github.com/mercurius-js/mercurius/issues/939 | Exploit Issue Tracking Third Party Advisory |
https://github.com/mercurius-js/mercurius/pull/940 | Patch Third Party Advisory |
https://github.com/mercurius-js/mercurius/security/advisories/GHSA-cm8h-q92v-xcfc | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:06
Type | Values Removed | Values Added |
---|---|---|
Summary | Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. |
12 Jan 2023, 21:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mercurius_project:mercurius:*:*:*:*:*:node.js:*:* | |
First Time |
Mercurius Project mercurius
Mercurius Project |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/mercurius-js/mercurius/pull/940 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/mercurius-js/mercurius/issues/939 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/mercurius-js/mercurius/security/advisories/GHSA-cm8h-q92v-xcfc - Patch, Third Party Advisory |
09 Jan 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-09 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22477
Mitre link : CVE-2023-22477
CVE.ORG link : CVE-2023-22477
JSON object : View
Products Affected
mercurius_project
- mercurius
CWE