CVE-2023-49559

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-49559

CGA ID

CGA-w723-3wh6-c2w7

Severity

Unknown

Summary

gqlparser denial of service vulnerability via the parserDirectives function

Description

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.

References

https://images.chainguard.dev/security/CGA-w723-3wh6-c2w7
https://github.com/advisories/GHSA-2hmf-46v7-v6fx
https://nvd.nist.gov/vuln/detail/CVE-2023-49559
https://github.com/99designs/gqlgen/issues/3118
https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977
https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
https://github.com/vektah/gqlparser
https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-49559

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources