Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: com.graphql-java:graphql-java
- Introduced through: com.graphql-java:graphql-java@15.0
Detailed paths
-
Introduced through: aoudiamoncef/graphql-java-filter@aoudiamoncef/graphql-java-filter#726d0fe1d8b11088767706d66ab07b0faf80b203 › com.graphql-java:graphql-java@15.0Remediation: Upgrade to com.graphql-java:graphql-java@17.5.
Overview
Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing a deeply recursive GraphQL query. An attacker can send such a query to exhaust stack memory and cause a crash.
Remediation
Upgrade com.graphql-java:graphql-java to version 0.0.0-2023-03-20T01-49-44-80e3135, 17.5, 18.4, 19.4, 20.1 or higher.
References
medium severity
- Vulnerable module: commons-io:commons-io
- Introduced through: commons-io:commons-io@2.7
Detailed paths
-
Introduced through: aoudiamoncef/graphql-java-filter@aoudiamoncef/graphql-java-filter#726d0fe1d8b11088767706d66ab07b0faf80b203 › commons-io:commons-io@2.7Remediation: Upgrade to commons-io:commons-io@2.14.0.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.
Remediation
Upgrade commons-io:commons-io to version 2.14.0 or higher.